[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[rtcweb] Security architecture: Making ECDSA mandatory

From: Martin Thomson <martin.thomson at gmail.com>
To: "rtcweb at ietf.org" <rtcweb at ietf.org>
Date: Fri, 12 Jun 2015 15:06:43 -0700
List-id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

I've opened https://github.com/rtcweb-wg/security-arch/pull/33

This changes the MTI cipher suites to ECDSA and does a little cleanup
on the corresponding API requirements to more closely match what has
just landed in the W3C specification.

We discussed ECDSA and the only concerns raised were with
compatibility.  I've done some testing with other implementations with
no issues, and ECDSA seems to be well supported on all those
hard-to-upgrade PSTN gateways (thanks to Cullen and Ethan for helping
out with checks there and to NIST for creating certification pressure
with FIPS-2).

I have an implementation that switches Firefox to ECDSA with P-256 by
default.  It's much, much faster.  http://bench.cr.yp.to/ claims that
it's 150 times faster on mobile devices for keygen.

Follow-Ups:
- Re: [rtcweb] Security architecture: Making ECDSA mandatory
  - From: Alfred E. Heggestad
- Re: [rtcweb] Security architecture: Making ECDSA mandatory
  - From: Harald Alvestrand

Prev by Date: Re: [rtcweb] Ben Campbell's Yes on draft-ietf-rtcweb-rtp-usage-24: (with COMMENT)
Next by Date: [rtcweb] Updated WG Last call for draft-ietf-rtcweb-stun-consent-freshness
Previous by thread: [rtcweb] I-D Action: draft-ietf-rtcweb-video-06.txt
Next by thread: Re: [rtcweb] Security architecture: Making ECDSA mandatory
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.