Skip to content

SSL – IETF drops RSA key from TLS 1.3


THE INTERNET ENGINEERING TASK FORCE (IETF) has dropped RSA code from TLS 1.3, the next version of SSL.

An email from the IETF had the subject line, “Confirming Consensus on removing RSA key Transport from TLS 1.3” and contained a short note.

The note said that discussions within the IETF working group found that Transport Layer Security (TLS) system have included RSA code for some time. It explained that over the years confidence in RSA has been shaken, adding that the consensus decision is to remove RSA code.

“TLS has had cipher suites based on RSA key transport (aka “static RSA”, TLS_RSA_WITH_*) since the days of SSL 2.0. These cipher suites have several drawbacks including lack of PFS, pre-master secret contributed only by the client, and the general weakening of RSA over time,” said the note.

“It would make the security analysis simpler to remove this option from TLS 1.3. RSA certificates would still be allowed, but the key establishment would be via DHE or ECDHE. The consensus in the room at IETF-89 was to remove RSA key transport from TLS 1.3. If you have concerns about this decision please respond on the TLS list by April 11, 2014.”

Responses were sent, and there was a suggestion that this was a bold move, however the last few messages on the mailing list drove the decision forward. The last note added, “The discussion on this list and others supports the consensus in IETF 89 to remove RSA key transport cipher suites from TLS 1.3. The Editor is requested to make the appropriate changes to the draft on Github.”

RSA’s standing in the security industry has been a little shaken recently. Edward Snowden’s revelations exposed that RSA was influenced by the US National Security Agency (NSA).

The firm has been accused to selling access to the NSA, and faced an embarrassing exodus of speakers from its security conference.

RSA has admitted to being somewhat burned by the relationship, and said that mistakes were made.

We could have been more skeptical of NSA’s intentions,” RSA chief technologist Sam Curry told the Reuters news agency in early April. “We trusted them because they are charged with security for the US government and US critical infrastructure.”

  1. Reblogged this on oogenhand.


  2. Reblogged this on XeroCrypt Blog and commented:
    I rarely reblog another’s posts, but this is big news, the main reason being RSA is/was the default cipher for exchanging TLS/SSL session keys.
    An HTTPS connection actually uses symmetric encryption, but obviously the symmetric (session) key must be exchanged during the TLS/SSL handshake, and that’s the job of the asymmetric cipher.
    Obviously this means the security of HTTPS often rests almost entirely on RSA – if that’s broken, the attacker has the session key and the connection is compromised.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: