Re: [TLS] Why are the brainpool curves not allowed in TLS 1.3?

"Salz, Rich" <rsalz@akamai.com> Tue, 17 July 2018 17:45 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Eric Rescorla <ekr@rtfm.com>, Johannes Merkle <johannes.merkle@secunet.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Date: Tue, 17 Jul 2018 17:44:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/213EZvNJVvrAcRJxjrQHmcGhLIk>

But the draft states
   Values within "obsolete_RESERVED" ranges are used in previous
   versions of TLS and MUST NOT be offered or negotiated by TLS 1.3

TLS 1.3 does not define use of the Brainpool curves.  Any implementation that wants to use them in TLS 1.3 is already out-of-scope of the standard, and is therefore not required to follow MUST etc.

The intent of the WG was to not allow some things, and changing away from MUST violates that intent.

A separate RFC proposal adding Brainpool to TLS 1.3 is the way to go, and the only way to go.

For now, use TLS 1.2
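
An added example, not part of the original message or of any TLS implementation: a check of a `supported_groups` list against the "obsolete_RESERVED" rule quoted above. The range boundaries are taken from RFC 8446 section 4.2.7 and the Brainpool code points from RFC 7027, not from this message; the function names and the sample bytes are constructed for illustration.

```python
import struct

# NamedGroup ranges marked obsolete_RESERVED in RFC 8446 section 4.2.7
# (assumption: taken from the RFC, not from the message above).
OBSOLETE_RESERVED = ((0x0001, 0x0016), (0x001A, 0x001C), (0xFF01, 0xFF02))

# Groups that RFC 8446 itself defines for TLS 1.3.
TLS13_GROUPS = {
    0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
    0x001D: "x25519", 0x001E: "x448",
    0x0100: "ffdhe2048", 0x0101: "ffdhe3072", 0x0102: "ffdhe4096",
    0x0103: "ffdhe6144", 0x0104: "ffdhe8192",
}

# TLS 1.2 Brainpool code points (RFC 7027); all three sit in 0x001A..0x001C.
BRAINPOOL_TLS12 = {
    0x001A: "brainpoolP256r1",
    0x001B: "brainpoolP384r1",
    0x001C: "brainpoolP512r1",
}


def parse_supported_groups(ext_data):
    """Parse supported_groups extension_data: uint16 length, then uint16 groups."""
    if len(ext_data) < 2:
        raise ValueError("truncated extension_data")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    # named_group_list<2..2^16-1>: non-empty, even, and exactly fills the body.
    if list_len == 0 or list_len % 2 or list_len != len(ext_data) - 2:
        raise ValueError("bad named_group_list length")
    return [g for (g,) in struct.iter_unpack("!H", ext_data[2:])]


def classify(group):
    """Place one NamedGroup code point relative to the TLS 1.3 registry."""
    if any(lo <= group <= hi for lo, hi in OBSOLETE_RESERVED):
        return "obsolete_RESERVED"
    if group in TLS13_GROUPS:
        return "tls13"
    return "other"  # unassigned, GREASE, private use, or later registrations


def audit_tls13_offer(ext_data):
    """Return (code point, name) for every offered group in an obsolete range."""
    return [(g, BRAINPOOL_TLS12.get(g, "obsolete (pre-1.3)"))
            for g in parse_supported_groups(ext_data)
            if classify(g) == "obsolete_RESERVED"]


# Constructed sample: x25519, secp256r1, brainpoolP256r1, brainpoolP384r1.
SAMPLE = bytes.fromhex("0008" "001d" "0017" "001a" "001b")
```
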