[TLS] Deprecating more (DSA?) (was Re: Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac))

Hanno Böck <hanno@hboeck.de> Tue, 15 April 2014 13:34 UTC

Date: Tue, 15 Apr 2014 15:34:35 +0200
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20140415153435.7f82b3a0@hboeck.de>
In-Reply-To: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com>
References: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com>

On Fri, 11 Apr 2014 11:50:22 -0700
Eric Rescorla <ekr@rtfm.com> wrote:

> Andrei Popov has refreshed his draft on deprecating RC4:

+1 from me.

But: I think we should have this discussion more broadly. What
other algorithms exist in the TLS spec that should see deprecation? I
think there is a bunch of cruft that really shouldn't be deployed
anywhere, because we should have learned from Heartbleed that code
lying around that nobody uses can be a problem.

E.g. what about deprecating DSA? Quick facts that make me believe it is
ready:
* DSA is only widely supported with 1024-bit keys, and there is wide
  agreement that this is bad (1024-bit RSA keys are almost extinct).
* Everyone uses RSA anyway; DSA keys on real-world websites are
  basically nonexistent (someone with fast access to one of the latest
  internet-wide scan datasets could check that).
* DSA is very weak if used with bad random numbers, see e.g. the latest
  Dual EC research, where they got the DSA private keys easily (this
  argument is also true for ECDSA, but I'm aware that deprecating ECDSA
  is probably much more controversial, so I say let's start with the
  easy one and deprecate DSA).
* Removing DSA suites would reduce the size of the TLS handshake.


I have never written an RFC before, but if there is reasonable agreement
that DSA removal makes sense, I could think of going ahead and writing a
draft similar to the RC4 one on DSA.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42
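The "DSA is very weak with bad random numbers" point in the message above, as an added example that is not part of the thread: a toy DSA over a group generated at run time, in which two signatures made with a repeated nonce k give up the private key, while a deterministic nonce derived from the key and message (a simplified version of the RFC 6979 idea, not the RFC's exact construction) removes the dependence on the RNG entirely. The group parameters, the key and the 0xBAD nonce are constructed here and nothing below is production code.

```python
# Added example, not code from the thread: a toy DSA showing why a bad RNG is fatal.
# The group is generated around q = 2**127 - 1 (a Mersenne prime); it is not a
# standard DSA group and none of this is production code.
import hashlib, hmac, random

def is_probable_prime(n, rounds=32):  # Miller-Rabin for odd n >= 5
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # witness: a^d is not +-1 and no squaring reaches -1
        x = pow(random.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True

def make_params(q=2**127 - 1):
    t = 1  # search for a prime p = 2*q*t + 1, then a generator g of the order-q subgroup
    while not is_probable_prime(p := 2 * q * t + 1):
        t += 1
    g = next(g for h in range(2, p) if (g := pow(h, (p - 1) // q, p)) != 1)
    return p, q, g

def hash_int(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def sign(params, x, msg, k):
    """Textbook DSA: r = (g^k mod p) mod q, s = k^-1 * (H(m) + x*r) mod q."""
    p, q, g = params
    r = pow(g, k, p) % q
    return r, pow(k, -1, q) * (hash_int(msg, q) + x * r) % q

def recover_from_reused_nonce(q, m1, sig1, m2, sig2):
    """Same k in two signatures gives the same r; then k = (h1-h2)/(s1-s2), x = (s1*k-h1)/r."""
    (r, s1), (_, s2) = sig1, sig2
    h1, h2 = hash_int(m1, q), hash_int(m2, q)
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q
    return (s1 * k - h1) * pow(r, -1, q) % q

def deterministic_nonce(x, msg, q):
    """Simplified RFC 6979 idea: derive k from HMAC(x, H(m)) so no RNG is needed."""
    mac = hmac.new(x.to_bytes(16, "big"), hashlib.sha256(msg).digest(), "sha256").digest()
    return 1 + int.from_bytes(mac, "big") % (q - 1)

def demo():
    params = make_params()
    q, x = params[1], random.randrange(1, params[1])
    k = 0xBAD  # constructed: a broken RNG hands out the same nonce for two messages
    sig1, sig2 = sign(params, x, b"msg one", k), sign(params, x, b"msg two", k)
    recovered = recover_from_reused_nonce(q, b"msg one", sig1, b"msg two", sig2)
    nonces = {deterministic_nonce(x, m, q) for m in (b"msg one", b"msg two")}
    return recovered == x, len(nonces) == 2
```

`demo()` returns `(True, True)`: the repeated nonce recovers the private key exactly, and the deterministic nonces for the two messages differ, so a weak RNG never gets a chance to repeat k.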