Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Michael Ströder <michael@stroeder.com> Wed, 18 September 2013 18:46 UTC

Return-Path: <michael@stroeder.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6422011E820E for <tls@ietfa.amsl.com>; Wed, 18 Sep 2013 11:46:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.201
X-Spam-Level:
X-Spam-Status: No, score=-2.201 tagged_above=-999 required=5 tests=[AWL=1.098, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F-JVuM+TK3CZ for <tls@ietfa.amsl.com>; Wed, 18 Sep 2013 11:46:34 -0700 (PDT)
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113]) by ietfa.amsl.com (Postfix) with ESMTP id CF59711E8164 for <tls@ietf.org>; Wed, 18 Sep 2013 11:46:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by srv1.stroeder.com (Postfix) with ESMTP id 8A2EE6023E for <tls@ietf.org>; Wed, 18 Sep 2013 20:46:11 +0200 (CEST)
X-Virus-Scanned: amavisd-new at stroeder.com
Received: from srv1.stroeder.com ([127.0.0.1]) by localhost (srv1.stroeder.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gdhzDUPCQvil for <tls@ietf.org>; Wed, 18 Sep 2013 20:46:00 +0200 (CEST)
Received: from nb2.stroeder.local (unknown [10.1.0.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by srv1.stroeder.com (Postfix) with ESMTPS id A12366023A for <tls@ietf.org>; Wed, 18 Sep 2013 18:45:59 +0000 (UTC)
Message-ID: <5239F4E8.7070007@stroeder.com>
Date: Wed, 18 Sep 2013 20:46:00 +0200
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= <michael@stroeder.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0 SeaMonkey/2.20
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C73556737D0@uxcn10-6.UoA.auckland.ac.nz>, <52397B7E.70204@gmail.com> <98ca985ffce946c42315e4e03db57747@srv1.stroeder.com> <5239B845.6010606@gmail.com>
In-Reply-To: <5239B845.6010606@gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms060909090006000906080109"
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2013 18:46:38 -0000

Yaron Sheffer wrote:
> please see my mail message that started this thread, way back on Sunday :-)
> 
> http://www.ietf.org/mail-archive/web/tls/current/msg09903.html

Reading this posting your main objections against MODP DH are interop issues
of today's implementation. Right? This leads me to a more general question...

First, I really appreciate that you write down this BCP document.
But I wonder what the exact scope should be.

In the abstract you say "existing standards and implementations", I guess to
exclude approaches yet to be defined in a new standard. Agreed.
But does that also exclude pushing implementors to slightly improve their
software? The "deployers rather than for implementers" in the introduction
sounds like it.

If that's the scope you're stuck into recommending the least common
denominator of today's implementations and implementors can take your RFC as
excuse to stop improving their implementations.
Also you're in the trap of choosing "widely-used" implementations for your
"Implementation Status" section which is always questionable depending on
personal deployments, especially since the main focus now seems to be web
servers and browsers.

Frankly I have no idea how to get out of this though.

Ciao, Michael.

> On 09/18/2013 05:21 PM, Michael Ströder wrote:
>> On Wed, 18 Sep 2013 13:07:58 +0300 Yaron Sheffer <yaronf.ietf@gmail.com>; wrote
>>> There are multiple issues
>>> with MODP DH in TLS (performance is just one of them).
>>
>> Could you please elaborate on this.
>>
>> Ciao, Michael.