Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx

Kurt Roeckx <kurt@roeckx.be> Thu, 13 March 2014 20:00 UTC

On Thu, Mar 13, 2014 at 08:23:45PM +0100, Martin Rex wrote:
> I strongly frown upon the idea of resurrecting DH_anon cipher suites
> from their cold grave, let alone adding new cruft.
> 
> Generate Server Keys on the fly just like SSH does.  Resurrecting
> DH_anon turns an initial-leap-of-faith into eternal-leaps-of-faith.

You can't do authenticated encryption with SMTP in most of the
cases.  DANE is currently about the best way to move to
authenticated encrypted SMTP, however there are very few sites
that bother to set up DNSSEC and DANE.

Since SMTP is now not authenticated it makes perfect sense to
use anonymous DH.  The best option for that is currently
TLS_DH_anon_WITH_AES_XXX-GCM-SHAXXX, and this would add the ECDH
version.

I would agree that moving to authenticated encryption would be the
best, but since we can't do authenticated encryption we should go
for the best thing we can do without authentication, and that
would be this proposal.

I'm not sure what you mean with your comment about SSH, but I do
hope that you actually check the fingerprint of the host you're
connecting to.


Kurt