[TLS] Explicit curve parameters in Server Key Exchange messages

Juraj Somorovsky <juraj.somorovsky@rub.de> Fri, 17 January 2020 13:08 UTC

To: "tls@ietf.org" <tls@ietf.org>
Cc: Robert Merget <Robert.Merget@ruhr-uni-bochum.de>, Nimrod Aviram <nimrod.aviram@gmail.com>
From: Juraj Somorovsky <juraj.somorovsky@rub.de>
Message-ID: <ffa0ed39-529c-6e89-90e3-99f601153dfc@rub.de>
Date: Fri, 17 Jan 2020 14:07:57 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0cd7W1o0iDsfvTRHAJhXJzFoP-8>

Dear all,

related to the recent Windows/NSA custom curve certificate issues, we
are wondering whether there are any implementations also supporting
explicit curves in TLS server key exchange messages as defined in
https://tools.ietf.org/html/rfc4492#section-5.4

Typical TLS implementations we are aware of only support named curves in
server key exchange messages.

Note that this is different from the custom curves in X.509
certificates. According to RFC4492, it is also possible to use custom
explicit curves directly in the TLS protocol.

Thank you

-- 
Dr.-Ing. Juraj Somorovsky

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
-----------------------------------
Universitätsstr. 150, Geb. ID 2/403
D-44780 Bochum

Phone: +49 (0) 234 / 32-26740
Fax: +49 (0) 234 / 32-14347
http://www.nds.rub.de/chair/people/jsomorovsky
@jurajsomorovsky
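
The distinction the message draws, as an added example (not part of the original message and not code from any TLS implementation): a Python parser for the ServerECDHParams structure of RFC 4492 section 5.4 that accepts only allow-listed named curves and rejects explicit_prime and explicit_char2 parameters. The allow-list, the function names and the sample bytes are assumptions constructed for illustration; validating the public point against the curve is out of scope here.

```python
import struct

# ECCurveType values from RFC 4492 section 5.4
EXPLICIT_PRIME, EXPLICIT_CHAR2, NAMED_CURVE = 1, 2, 3
# Local allow-list (an assumption of this example); ids from RFC 4492 section 5.1.1
ALLOWED_NAMED = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1"}

class RejectedParams(ValueError):
    """ServerECDHParams that this policy refuses to use."""

def read_opaque8(buf, off):
    """Read opaque<1..2^8-1>: one length byte followed by that many bytes."""
    if off >= len(buf) or buf[off] == 0 or off + 1 + buf[off] > len(buf):
        raise RejectedParams("malformed or truncated vector at offset %d" % off)
    end = off + 1 + buf[off]
    return buf[off + 1:end], end

def parse_server_ecdh_params(body):
    """Parse ServerECDHParams at the start of an ECDHE ServerKeyExchange body.

    Returns (curve_name, public_point, bytes_consumed) for an allowed named
    curve and raises RejectedParams for everything else.
    """
    if len(body) < 1:
        raise RejectedParams("empty body")
    curve_type = body[0]
    if curve_type == NAMED_CURVE:
        if len(body) < 3:
            raise RejectedParams("truncated NamedCurve")
        (curve_id,) = struct.unpack_from("!H", body, 1)
        if curve_id not in ALLOWED_NAMED:
            raise RejectedParams("named curve 0x%04x not allowed" % curve_id)
        point, end = read_opaque8(body, 3)
        return ALLOWED_NAMED[curve_id], point, end
    if curve_type == EXPLICIT_PRIME:
        # Walk the fields only to describe what was offered; never use them.
        off, sizes = 1, {}
        for name in ("prime_p", "a", "b", "base", "order", "cofactor"):
            value, off = read_opaque8(body, off)
            sizes[name] = len(value)
        raise RejectedParams("explicit_prime curve offered, field sizes %r" % sizes)
    if curve_type == EXPLICIT_CHAR2:
        raise RejectedParams("explicit_char2 curve offered")
    raise RejectedParams("unknown ECCurveType %d" % curve_type)

# Constructed sample inputs (not captured traffic).
SAMPLE_NAMED = bytes([3, 0, 23, 65, 4]) + bytes(64)
SAMPLE_EXPLICIT = bytes([1]) + b"".join(bytes([32]) + bytes([7]) * 32 for _ in range(3)) \
    + bytes([65, 4]) + bytes(64) + bytes([32]) + bytes([7]) * 32 + bytes([1, 1])
```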