openscreenprotocol
openscreenprotocol copied to clipboard
w3c
Adjust cipher and signature algorithm preference list for hardware
We added a list of recommended ciphers and signature algorithms for TLS 1.3 from PR #206. But we should find a benchmark referencing the hardware requirements to prioritize the list and determine the mandatory ciphers/algorithms.
From https://www.w3.org/2019/09/15-webscreens-minutes.html#x06:
ACTION: mfoltzgoogle to fill in benchmark for ciphers.
ACTION: mfoltzgoogle to fill in benchmark for signature algorithms. Also check for signature and verification. ECDSA is usually faster for signature, but slower to verify.
For ciphers, there is basically nothing to do here. The required ciphers for TLS 1.3 cover both newer and older hardware:
- For anything with ARMv8 and newer (i.e. anything since ~2016, basically) hardware accelerated AES is going to be best. TLS 1.3 makes AES-128 and AES-256 mandatory to implement.
- For anything older ChaCha20 is going to be faster and is also mandatory to implement for TLS 1.3.
https://www.rfc-editor.org/rfc/rfc8446.html#page-102
For key signing and signature verification in TLS, there are some tradeoffs between the mandatory to implement algorithms (which include ecdsa_secp256r1_sha256). However signing and verification happen less often than use of the ciphers; only when creating new certificates, or executing a TLS handshake.
Since we are already requiring ECDSA for the agent certificate, it would make sense to just say the certificate's signing algorithm must be ecdsa_secp256r1_sha256 which would be compatible with every TLS implementation.