Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

james hughes <hughejp@mac.com> Wed, 18 September 2013 19:16 UTC


On Sep 18, 2013, at 10:34 AM, "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> wrote:

> If you think that in 5 years 1024-bit DH will be trivially crackable - I'd like to see some evidence to support it.

There is a difference between "trivially crackable" and routinely exploitable. In 5 years this will be routinely exploitable.

It seems to me that the standards process does not need NSA to subvert the process; the standards people seem to be doing this fine by themselves. Anyway, speaking as someone working in this field (more factoring than discrete log) the professional recommendation is 2048.

I am not baiting here, but the argument that 2048 is "too much" given that a PC can do a complete authenticated PFS key exchange in 3ms of CPU time seems "interesting".