Re: [TLS] draft-les-white-tls-preferred-pronouns

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 01 April 2021 10:25 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 005EA3A16D7 for <tls@ietfa.amsl.com>; Thu, 1 Apr 2021 03:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.917
X-Spam-Level:
X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0l604xSy0VSN for <tls@ietfa.amsl.com>; Thu, 1 Apr 2021 03:25:29 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7B553A16E8 for <tls@ietf.org>; Thu, 1 Apr 2021 03:25:27 -0700 (PDT)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01lp2238.outbound.protection.outlook.com [104.47.71.238]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-31-CQGIcxYNNAedkOHBKHgvUw-1; Thu, 01 Apr 2021 21:25:23 +1100
X-MC-Unique: CQGIcxYNNAedkOHBKHgvUw-1
Received: from OS3PR01CA0047.jpnprd01.prod.outlook.com (2603:1096:604:dd::16) by ME2PR01MB2786.ausprd01.prod.outlook.com (2603:10c6:201:1e::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.27; Thu, 1 Apr 2021 10:25:21 +0000
Received: from HK2APC01FT034.eop-APC01.prod.protection.outlook.com (2603:1096:604:dd:cafe::85) by OS3PR01CA0047.outlook.office365.com (2603:1096:604:dd::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.27 via Frontend Transport; Thu, 1 Apr 2021 10:25:20 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 130.216.95.224) smtp.mailfrom=cs.auckland.ac.nz; engineer.com; dkim=none (message not signed) header.d=none;engineer.com; dmarc=none action=none header.from=cs.auckland.ac.nz
Received: from uxcn13-tdc-a.UoA.auckland.ac.nz (130.216.95.224) by HK2APC01FT034.mail.protection.outlook.com (10.152.248.191) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3977.25 via Frontend Transport; Thu, 1 Apr 2021 10:25:19 +0000
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-a.UoA.auckland.ac.nz (10.6.3.2) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 1 Apr 2021 23:25:18 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1497.012; Thu, 1 Apr 2021 23:25:18 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Lester White <les.white@engineer.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] draft-les-white-tls-preferred-pronouns
Thread-Index: AQHXJrzlpRaXNRLbYUeg/iLDhsfYRqqfc6yV
Date: Thu, 01 Apr 2021 10:25:18 +0000
Message-ID: <1617272718851.9173@cs.auckland.ac.nz>
References: <trinity-969221a2-31cf-46da-ae91-4f285a6fa963-1617257022703@3c-app-mailcom-lxa07>
In-Reply-To: <trinity-969221a2-31cf-46da-ae91-4f285a6fa963-1617257022703@3c-app-mailcom-lxa07>
Accept-Language: en-NZ, en-GB, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e607dbab-7efe-40db-c4cc-08d8f4f8738d
X-MS-TrafficTypeDiagnostic: ME2PR01MB2786:
X-Microsoft-Antispam-PRVS: <ME2PR01MB2786520CBFBAA4D09666930CEE7B9@ME2PR01MB2786.ausprd01.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:7691
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0
X-Microsoft-Antispam-Message-Info: 8AtWAI1leK9uZwhpVAbEDsTCoRMxEerDnH0mwJux0KS9EzljJ/1cKXbYZ00jN14+/Pr159y7J8wOR3BnkoTkvoW6A5PhVNIj1ayuc00u8gObMlE8A0Dj2fEY9QB6rD1mSLF8UFsGIy70vR0CmdOSf2Eax5zmaErMN5jvwDJ8qbig2x8ZsMDdJI144OmXCS9mwSoexKv8O3Yo6ZYym7t5eRSP2TvpVopooM1YCxTi6ZZ9Z1FX+25/S5UV1FQxWprfFkV7QmHHLK2/griCYYz8TgyLye6dewMZ/Bqztqn0F+eiuorxch9NG0USVRumOeETOY4AUlSDyuwG5Vxj5M8f9LGojfsubY1tyfyIYeGFuWPd2WZexAf9sLGMueHt9KT9HXkpHvZXjyaU4MRBNuamRfY6aQN6rgY/MdeQxxbA1CnwqU3zM9LBDnZ+6eXFv4sF00ZH9Gqxc0Aj9CMoq+9MQCbs8aVnnIyr5RRvAeOlLQcy42NPK++XDkHjKwje9wnQ9hDO8Yl349L62gHInHQrJTqkYVVyQ+NTZA4bHUowxzWV8xXoEuI0LxQ9axT/q4GnJOaQgR9FCzO6P03oVbj0+yH5XCuMTHOJkXUuZrF+9dzbrCVHZUsDF/5X4xGkZMZLLpREsTyYQ4iQMfcnxcLEQ+T3rlaldM7oHkSkznJQ6Tw=
X-Forefront-Antispam-Report: CIP:130.216.95.224; CTRY:NZ; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:uxcn13-tdc-a.UoA.auckland.ac.nz; PTR:natgate2-1.auckland.ac.nz; CAT:NONE; SFS:(4636009)(376002)(396003)(346002)(39860400002)(136003)(36840700001)(46966006)(82310400003)(110136005)(316002)(70586007)(356005)(7636003)(5660300002)(2906002)(336012)(36906005)(786003)(26005)(186003)(70206006)(86362001)(83380400001)(2616005)(47076005)(8676002)(8936002)(478600001)(36860700001)(82740400003)(4744005); DIR:OUT; SFP:1101
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2021 10:25:19.7208 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e607dbab-7efe-40db-c4cc-08d8f4f8738d
X-MS-Exchange-CrossTenant-Id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d1b36e95-0d50-42e9-958f-b63fa906beaa; Ip=[130.216.95.224]; Helo=[uxcn13-tdc-a.UoA.auckland.ac.nz]
X-MS-Exchange-CrossTenant-AuthSource: HK2APC01FT034.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME2PR01MB2786
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CAU17A13 smtp.mailfrom=pgut001@cs.auckland.ac.nz
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1dJoH2sGWqXlIk-MFruSLlwxNp4>
Subject: Re: [TLS] draft-les-white-tls-preferred-pronouns
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2021 10:25:41 -0000

Lester White <les.white@engineer.com> writes:

>       Title           : Preferred Pronouns Extension for TLS

I think the Security Considerations section needs to mention two security
considerations, firstly the preferred identity is an unauthenticated parameter
and can't safely be used until the Finished message definitely determines its
validity so it shouldn't be used until after the other side's Finished message
is received, and secondly that the odd-numbered (presumably "prime" is meant)
number of experts needs to be at least 1024 bits worth, and a strong prime,
i.e. p-1 and p+1 should have large prime factors.  The suggested value of 11
doesn't meet these criteria, so should be changed for a value that does.

Peter.