Re: [Uta] [art] Artart last call review of draft-ietf-uta-rfc7525bis-09

Cullen Jennings <fluffy@iii.ca> Mon, 01 August 2022 20:58 UTC

From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <e7b17bbe-0b6b-2a54-2100-b220a9afa92e@stpeter.im>
Date: Mon, 01 Aug 2022 14:58:08 -0600
Cc: draft-ietf-uta-rfc7525bis.all@ietf.org, "art@ietf.org" <art@ietf.org>, last-call@ietf.org, uta@ietf.org
Message-Id: <B186BFAC-6584-4395-837E-C8F09FE6AEC7@iii.ca>
References: <165728991008.45773.10659091812976572509@ietfa.amsl.com> <4c7fcbfe-5055-d33d-e1d1-27e85592551a@stpeter.im> <A0DD6035-C9D1-4FEC-A5E7-7D95FFC55602@iii.ca> <9c9922a8-93b5-611f-6433-dbac122dcc4f@stpeter.im> <e7b17bbe-0b6b-2a54-2100-b220a9afa92e@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/4z4xW2ckdNoyrViU4eGAAzqhYZI>
Subject: Re: [Uta] [art] Artart last call review of draft-ietf-uta-rfc7525bis-09


> On Jul 30, 2022, at 1:40 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote:
> 
> Hi again,
> 
> The authors have conferred on this and at this time we don't think that we can recommend anything other than EC ciphers, for several reasons:
> 
> 1. DHE negotiation is broken.

Perhaps a bit more explanation in the draft about the issues with DHE-RSA (in the context of 7919) would help. I was under the perhaps mistaken perception that RFC 7919 was not subject to the Raccoon attack and that there were mitigations for the Raccoon timing attacks. Given the reliance on a single class of algorithms, I think it would be worth highlighting the risks and providing good info on why alternatives don't work.

> 
> 2. Static RSA is out of the question.

I agree, but would prefer that was phrased as things that don't provide PFS are out of the question, not that RSA is not usable. I see lots of confusion of those two. I will note that, if EC was broken by quantum or optical computers but RSA was not, I'm pretty sure I would be switching to something with no PFS vs something that was broken.

> 
> 3. Post-quantum (PQ) methods aren't ready yet.

Agree (though I think they are getting surprisingly close and probably plan to ship them well ahead of any schedule I imagine the IETF getting around to agreeing on).

> 
> Our forecast is that a few years from now the PQ methods will be ready for recommending in 7525ter, but for now EC is the best we can do.
> 
> Peter
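The distinction raised in the reply above (static RSA versus "anything without forward secrecy", and EC versus finite-field DHE) is the kind of thing an operator needs to check in a real cipher-suite list. The following is an added example written for this thread; it is not code from the draft or from either author. All names in it (`classify`, `audit`, `SuiteInfo`, `SAMPLE_SUITES`, the rule table) are assumptions made for the example, and the sample list is constructed. It classifies suites by key-exchange family and reports which ones lack forward secrecy, accepting both IANA-style names (`TLS_ECDHE_RSA_WITH_...`) and OpenSSL-style names (`ECDHE-RSA-...`), and it can also be pointed at the local OpenSSL default context.

```python
"""Classify TLS cipher suites by key exchange and forward secrecy.

Added example for the rfc7525bis thread; not from the draft or its authors.
Rule table, helper names and sample suites are constructed for illustration.
"""
import re
import ssl
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SuiteInfo:
    name: str
    key_exchange: str      # e.g. "ECDHE", "DHE", "static RSA", "TLS1.3", "unknown"
    forward_secrecy: bool  # True only for ephemeral key exchange


# TLS 1.3 suites name only the AEAD and hash; key exchange is always ephemeral.
_TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}

# Leading tokens OpenSSL uses to spell out the key exchange; anything else
# in an OpenSSL-style name means static RSA key transport (the prefix is omitted).
_OPENSSL_KX_PREFIXES = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH",
                        "PSK", "RSA", "SRP"}

# Ordered substring rules over the key-exchange token: first match wins, so the
# more specific ephemeral forms are listed before the static ones they contain.
_KX_RULES = [
    ("anon",  "anonymous (EC)DH", True),   # ephemeral but unauthenticated
    ("AECDH", "anonymous (EC)DH", True),
    ("ADH",   "anonymous (EC)DH", True),
    ("ECDHE", "ECDHE", True),
    ("DHE",   "DHE", True),                 # finite-field; RFC 7919 groups apply
    ("EDH",   "DHE", True),                 # older OpenSSL spelling of DHE
    ("ECDH",  "static ECDH", False),
    ("DH",    "static DH", False),
    ("PSK",   "PSK", False),                # plain PSK only; (EC)DHE_PSK matched above
    ("RSA",   "static RSA", False),         # RSA key transport, no PFS
]


def _key_exchange_token(name: str) -> Optional[str]:
    """Extract the key-exchange part of an IANA or OpenSSL suite name."""
    m = re.fullmatch(r"TLS_(.+?)_WITH_.+", name)
    if m:
        return m.group(1)                      # IANA: TLS_<kx>_WITH_<cipher>
    if "-" in name:                            # OpenSSL: <kx>-<cipher>-... or <cipher>-...
        first = name.split("-", 1)[0]
        return first if first in _OPENSSL_KX_PREFIXES else "RSA"
    return None


def classify(name: str) -> SuiteInfo:
    """Map one suite name to its key-exchange family and PFS property."""
    if name in _TLS13_SUITES:
        return SuiteInfo(name, "TLS1.3", True)
    kx = _key_exchange_token(name)
    if kx is not None:
        for needle, family, pfs in _KX_RULES:
            if needle in kx:
                return SuiteInfo(name, family, pfs)
    return SuiteInfo(name, "unknown", False)   # refuse to guess; treat as not PFS


def audit(suites: List[str]) -> List[str]:
    """Return the names that lack forward secrecy (what the draft rules out)."""
    return [s for s in suites if not classify(s).forward_secrecy]


def local_default_suites() -> List[str]:
    """Suite names enabled in this interpreter's default OpenSSL client context."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]


# Constructed sample list mixing IANA and OpenSSL spellings.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES256-GCM-SHA384",
    "AES256-GCM-SHA384",                 # OpenSSL name for static RSA key transport
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "ECDH-ECDSA-AES128-SHA",             # static ECDH, also no PFS
]

if __name__ == "__main__":
    for s in SAMPLE_SUITES:
        print(classify(s))
    print("no forward secrecy:", audit(SAMPLE_SUITES))
    print("local defaults lacking PFS:", audit(local_default_suites()))
```

The `DHE` family is reported separately from `ECDHE` so that an operator can see how much of a configuration depends on finite-field DH (the RFC 7919 negotiation issue in the thread) versus EC, without conflating that with the separate question of whether a suite provides forward secrecy at all.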