Re: [TLS] Correction: early codepoint assignment for Curve25519, Curve448, Ed25519 and Ed448

2016-01-14 Thread Brian Smith
Simon Josefsson wrote: > Allocating a code point for X25519 could be done and is long overdue > (first draft September 2013). X448 is also stable. Code points for > Ed25519 and Ed448 are more problematic since TLS authentication has > historically had interaction with PKIX certs. I agree with Y

Re: [TLS] Correction: early codepoint assignment for Curve25519, Curve448, Ed25519 and Ed448

2016-01-14 Thread Eric Rescorla
I concur. -Ekr On Thu, Jan 14, 2016 at 7:14 AM, Simon Josefsson wrote: > Allocating a code point for X25519 could be done and is long overdue > (first draft September 2013). X448 is also stable. Code points for > Ed25519 and Ed448 are more problematic since TLS authentication has > historical

Re: [TLS] Correction: early codepoint assignment for Curve25519, Curve448, Ed25519 and Ed448

2016-01-14 Thread Simon Josefsson
Allocating a code point for X25519 could be done and is long overdue (first draft September 2013). X448 is also stable. Code points for Ed25519 and Ed448 are more problematic since TLS authentication has historically had interaction with PKIX certs. I agree with Yoav's assertion that the curve po

Re: [TLS] Fixing TLS

2016-01-14 Thread Martin Rex
Ilari Liusvaara wrote: > Martin Rex wrote: >> Ilari Liusvaara wrote: > >>> Then there's also similar problems with RSA. And then RSA PKCS #1 >>> v1.5 encryption is on just about every "do not use!" list. Get it >>> wrong (good luck getting it right) and it is game over. >> >> Getting PKCS#1 v1.5

Re: [TLS] Fixing TLS

2016-01-14 Thread Ilari Liusvaara
On Thu, Jan 14, 2016 at 12:27:07PM +0100, Martin Rex wrote: > Ilari Liusvaara wrote: > [ Charset UTF-8 unsupported, converting... ] Pfft... > > Then there's also similar problems with RSA. And then RSA PKCS #1 > > v1.5 encryption is on just about every "do not use!" list. Get it > > wrong (good l

Re: [TLS] Fixing TLS

2016-01-14 Thread Martin Rex
Ilari Liusvaara wrote: [ Charset UTF-8 unsupported, converting... ] > On Thu, Jan 14, 2016 at 10:40:44AM +0100, Martin Rex wrote: > > Ilari Liusvaara wrote: > > > > > > To actually fix the known problems with TLS 1.2, you would at minimum > > > need a new extension, since there is currently no way

Re: [TLS] Fixing TLS

2016-01-14 Thread Ilari Liusvaara
On Thu, Jan 14, 2016 at 10:40:44AM +0100, Martin Rex wrote: > Ilari Liusvaara wrote: > > > > To actually fix the known problems with TLS 1.2, you would at minimum > > need a new extension, since there is currently no way to fix the broken > > server authentication. > > One Boolean signaling is suf

Re: [TLS] Fixing TLS

2016-01-14 Thread Martin Rex
Ilari Liusvaara wrote: > > Peter Gutmann wrote: > >> Salz, Rich writes: >> TLS needs an LTS version that you can just push out and leave to its own devices >>> >>>So don't you have that with TLS 1.1 and appropriate cipher and option >>>choices? >> >> Based on the feedback I've had, I'm