[TLS] Deprecating more (DSA?) (was Re: Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac))
Hanno Böck <hanno@hboeck.de> Tue, 15 April 2014 13:34 UTC
Return-Path: <hanno@hboeck.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14F681A046C for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 06:34:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.898
X-Spam-Level: *
X-Spam-Status: No, score=1.898 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tVLosB1BHXL8 for <tls@ietfa.amsl.com>; Tue, 15 Apr 2014 06:34:48 -0700 (PDT)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [178.63.68.96]) by ietfa.amsl.com (Postfix) with ESMTP id AF90D1A0430 for <tls@ietf.org>; Tue, 15 Apr 2014 06:34:48 -0700 (PDT)
Received: from localhost (91-64-50-86-dynip.superkabel.de [::ffff:91.64.50.86]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3, 128bits, AES128-GCM-SHA256) by zucker.schokokeks.org with ESMTPSA; Tue, 15 Apr 2014 15:34:43 +0200 id 0000000000020007.00000000534D3573.00004F36
Date: Tue, 15 Apr 2014 15:34:35 +0200
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20140415153435.7f82b3a0@hboeck.de>
In-Reply-To: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com>
References: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com>
X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.23; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=_zucker.schokokeks.org-20278-1397568883-0001-2"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/-cisCc7VuC3CbjTHfg41PbhXLYg
Subject: [TLS] Deprecating more (DSA?) (was Re: Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Apr 2014 13:34:53 -0000
On Fri, 11 Apr 2014 11:50:22 -0700 Eric Rescorla <ekr@rtfm.com> wrote: > Andrei Popov has refreshed his draft on deprecating RC4: +1 from me. But: I think we should have this discussion more broadly. What other algorithms exist in the TLS spec that should see deprecation? I think there is a bunch of cruft that really shouldn't be deployed anywhere, because we should have learned from heartbleed that code laying around that nobody uses can be a problem. E.g. what about deprecating DSA? Quick facts that let me believe it is ready: * DSA is only widely supported with 1024 bit and there is wide agreement that this is bad (RSA keys with 1024 bit are almost extinct) * Everyone uses RSA anyway, DSA keys on real world websites are basically nonexistent (someone with fast access to one of the latest internet-wide scan datasets could check that). * DSA is very weak if used with bad random numbers, see e.g. latest dual ec research, where they got the DSA private keys easily (this argument is also true for ecdsa, but I'm aware that deprecating ecdsa is probably much more controversial, so I say lets start with the easy one and deprecate DSA). * Removing DSA suites would reduce size of TLS handshake. I never wrote an RFC before, but if there is reasonable agreement that DSA removal makes sense I could think of going ahead and writing a draft similar to the RC4 one on DSA. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: BBB51E42
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Matt Caswell
- [TLS] Deprecating RC4 (was: draft-ietf-tls-encryp… Eric Rescorla
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Martin Thomson
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Kurt Roeckx
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Daniel Kahn Gillmor
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Peter Yee
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Andrei Popov
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Stephen Checkoway
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Yoav Nir
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Geoffrey Keating
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Jim Schaad
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Manuel Pégourié-Gonnard
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Johannes Merkle
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Stephen Farrell
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Richard Hartmann
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Yoav Nir
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Warren Kumari
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Eric Rescorla
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Martin Rex
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Martin Thomson
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Martin Rex
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Watson Ladd
- Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-en… Bill Frantz
- [TLS] Deprecating more (DSA?) (was Re: Deprecatin… Hanno Böck
- Re: [TLS] Deprecating more (DSA?) (was Re: Deprec… Yoav Nir
- Re: [TLS] Deprecating more (DSA?) (was Re: Deprec… Hanno Böck
- Re: [TLS] Deprecating more (DSA?) (was Re: Deprec… Daniel Kahn Gillmor
- Re: [TLS] Deprecating more (DSA?) (was Re: Deprec… Hanno Böck
- Re: [TLS] Deprecating more (DSA?) (was Re: Deprec… Tom Ritter
- Re: [TLS] Deprecating more (DSA?) Alyssa Rowan
- Re: [TLS] Deprecating more (DSA?) Joseph Salowey (jsalowey)
- Re: [TLS] Deprecating more (DSA?) Watson Ladd
- Re: [TLS] Deprecating more (DSA?) Alyssa Rowan
- Re: [TLS] Deprecating more (DSA?) Johannes Merkle
- Re: [TLS] Deprecating more (DSA?) Brian Sniffen
- Re: [TLS] Deprecating more (DSA?) Bill Frantz
- Re: [TLS] Deprecating more (DSA?) Watson Ladd
- Re: [TLS] Deprecating more (DSA?) Samuel Neves
- Re: [TLS] Deprecating more (DSA?) Bill Frantz