Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

Quynh Dang <quynh97@gmail.com> Mon, 12 October 2015 17:02 UTC

From: Quynh Dang <quynh97@gmail.com>
To: John Mattsson <john.mattsson@ericsson.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1PnZL81y-YnYDIBDn-4CuSkIzn0>
Cc: tls@ietf.org
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

Hi John,

SHA-384 in the ciphersuite is the hash function to be used in HMAC, not
signatures, and the security of this HMAC depends on the strength of the
HMAC key and the tag size.

Regards,
Quynh.
On Oct 12, 2015 12:50 PM, "John Mattsson" <john.mattsson@ericsson.com>
wrote:

> The statement in [1] is about AES, and is very true. AES-192 is very seldom
> used, and people tend to jump directly to AES-256.
>
> For ECC curves, the opposite is true, people tend to use P-384 instead of
> P-521. Most likely because P-384 is used in Suite B. According to
> [2], Google Chrome recently dropped support of P-521.
>
> [2]
> https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility
>
>
>
> The security level of the AES_256_GCM_SHA384-algorithms is clearly no more
> than 192 as SHA-384 is used.
>
> On 12/10/15 15:18, "Sean Turner" <sean@sn3rd.com> wrote:
>
> >It is interesting to note that in discussing an update to IPSec’s RFC 4307
> >somebody suggested making 192 a MAY because folks only use 128/256 [1].
> >
> >spt
> >
> >[1]
> http://mailarchive.ietf.org/arch/msg/ipsec/1F5h4j-dP5dLPCCAqg4iqgjjYFE
> >
> >On Oct 12, 2015, at 05:01, John Mattsson <john.mattsson@ericsson.com>
> >wrote:
> >
> >> I think the selection of MTI Cipher Suites (Section 8.1 of
> >>draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended
> >>ECC curve for the “SHOULD” cipher suites. Little benefit of using
> >>AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement
> >>ECC curve giving at least 192-bit security? E.g.
> >>
> >> "These cipher suites SHOULD support both digital signatures and key
> >>exchange with secp384r1 (NIST P-384)."
> >>
> >> Cheers,
> >> John
> >>
> >> JOHN MATTSSON
> >> MSc Engineering Physics, MSc Business Administration and Economics
> >> Ericsson IETF Security Coordinator
> >> Senior Researcher, Security
> >>
> >> Ericsson AB
> >> Ericsson Research
> >> Färögatan 6
> >> SE-164 80 Stockholm, Sweden
> >> Phone +46 10 71 43 501
> >> SMS/MMS +46 76 11 53 501
> >> john.mattsson@ericsson.com
> >> www.ericsson.com
> >>
> >> _______________________________________________
> >> TLS mailing list
> >> TLS@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tls
> >
>