Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla (

Douglas Stebila <dstebila@gmail.com> Fri, 03 January 2020 01:13 UTC

Return-Path: <dstebila@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F289C12006F for <secdispatch@ietfa.amsl.com>; Thu, 2 Jan 2020 17:13:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id brT1GOGbbzUI for <secdispatch@ietfa.amsl.com>; Thu, 2 Jan 2020 17:13:45 -0800 (PST)
Received: from mail-qv1-xf2d.google.com (mail-qv1-xf2d.google.com [IPv6:2607:f8b0:4864:20::f2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B101812006B for <secdispatch@ietf.org>; Thu, 2 Jan 2020 17:13:45 -0800 (PST)
Received: by mail-qv1-xf2d.google.com with SMTP id u1so14840603qvk.13 for <secdispatch@ietf.org>; Thu, 02 Jan 2020 17:13:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=61eD2Uttkn8qN/2yzTnuL/Djw2YYPhjMwuDkVoc0BZI=; b=tZZoSjAxL1Me8NtD2UQqOhkBx3HQsUysYG4LZ9dCfdbRbBOWmJuEktc0XRnAEFFc84 6b/e0Gc2jSijOAKL/9DEzLzJNrn+AcQvO5bNT8jlDBaxWMwtwYRM7VYO4LMkMcITsPDK KtgfZnxu9dInOU4hSoA5CboZZpJ+Z3Wt5Ufn3wM/a4tor3sIMp07XHmDEUzKUjEHNvyt mBtHLDSa55U5EaxNan9ffTcNwPl0W0PfprdL1fFYuoz5+D/HfivTIKkl/nVx5LJPSn/Z p08gXjky24mmdX4+rcU15o6ddUGG6lr8yAry3Tre7BAfVp4hJLr7bbwXAhh52Jpnueiz oGZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=61eD2Uttkn8qN/2yzTnuL/Djw2YYPhjMwuDkVoc0BZI=; b=R+AByhRnVygAIutb2P2dDN/awANJr/0SPvTIcMjyEYPRNmj+D94gd2voCIS72Vq+EJ wR4qf2V4IJnU/M09FcWhRr5QHtW1/4pKbRSkCZfrxWEaAUADb6JYc1wbiWFv2Jx5UCFh 1IVwFs6uYwlllZF0IcV8vmT/wKZdyYuRUSVx+PPxLFHUSPLf3OJ/16khffTGyOv6zdoc D4qXKKzX2To/AtX0XopTiOq9Sk/Yh/AezWfcGtbS0aTFt47sOlPl+ypMaiONaMJ8bWXb e/8FuznyzuwgyJZ8pEM0Vk9ZqPYYfLC3nrPcI0hmYE+CgVcS9Uuv+2sZLl96GTCFVl7P 7sLw==
X-Gm-Message-State: APjAAAV0fBKTLHJzt3M1k6pw3b2u2saX8m1+UtDv9DEA4Mt4sL39QjlB SgleEnjkf6ZUcOjz4Mt4TWQ=
X-Google-Smtp-Source: APXvYqwgUG3DZMVu9PmAOaWeafBhbJGvEuxNpkwWvjYynpmka/vHQGzsFQS9OQ1N372EOQCWc4Ib9Q==
X-Received: by 2002:a05:6214:1150:: with SMTP id b16mr66318474qvt.71.1578014024923; Thu, 02 Jan 2020 17:13:44 -0800 (PST)
Received: from laptop-ethernet.coleridge (CPE881fa12cf37b-CMa84e3fc93e50.cpe.net.cable.rogers.com. [99.250.203.26]) by smtp.gmail.com with ESMTPSA id n129sm15771669qkf.64.2020.01.02.17.13.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Jan 2020 17:13:44 -0800 (PST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
From: Douglas Stebila <dstebila@gmail.com>
In-Reply-To: <CABcZeBOCwqhZjDmVqFUK4CmYX-=-BxT6sjrj4AUUFtZ_ZAw_aQ@mail.gmail.com>
Date: Thu, 2 Jan 2020 20:13:42 -0500
Cc: Carrick Bartle <cbartle891@icloud.com>, "Dr. Pala" <madwolf@openca.org>, "Salz, Rich" <rsalz@akamai.com>, IETF SecDispatch <secdispatch@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8EB3BE1E-44A0-4440-A62B-AEA38406E2E2@gmail.com>
References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <CABcZeBPbAgBfC6Et+OKQi2=GwsyeyKEKfW5GG=StUepQwy+f0g@mail.gmail.com> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <CABcZeBM5WgpcBP4axBvzWaxKU=JA-K-4qiVxhhO1+HzFf246aw@mail.gmail.com> <95B2FAB7-66FA-44F2-84F8-FA23737AA38F@akamai.com> <CABcZeBM06FEiMkDVhOPnQggHCG7DeOVkNLNn1w2wDnhy6rJuhg@mail.gmail.com> <07119213-1702-4742-A34F-EDEDBF294FCF@icloud.com> <CABcZeBO7DSn3vaghfk5ADSEM-Wx50HtQHtN_OKNk5zeWkuXJ0Q@mail.gmail.com> <3FFD9FD4-10E3-41B5-B086-A0AF17EF6899@icloud.com> <CABcZeBOCwqhZjDmVqFUK4CmYX-=-BxT6sjrj4AUUFtZ_ZAw_aQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/vlZPC8sBgHCFftrULdGaXMM8Bx4>
Subject: Re: [Secdispatch] Clarification Question for the Comment from Eric Rescorla (
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2020 01:13:47 -0000

On Jan 2, 2020, at 1:50 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> I think not, at least for TLS. The consensus of implementors seems to be that it's better to just cast composite algorithms as if they were new DH groups, so there's not a huge amount of leverage in a generic mechanism.

We'll soon be pushing a revision of https://tools.ietf.org/html/draft-stebila-tls-hybrid-design-01 that focuses on doing composite algorithms as new DH groups.

Douglas