Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)

Peter Gutmann <> Sat, 27 August 2016 13:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4D9BE12D580 for <>; Sat, 27 Aug 2016 06:27:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.748
X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.548] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mnNKl8fGWoP3 for <>; Sat, 27 Aug 2016 06:27:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 53A8E12D579 for <>; Sat, 27 Aug 2016 06:27:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=mail; t=1472304444; x=1503840444; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=crNqxH0GaCBvjQZMnEWDjEAATu8H1YM1c0KEcOkyJV0=; b=MYhpb/B+VflRkF3kunuTmUt6dXjNtwTlCQxLPlDBBqHd29ajkr9bW443 5IT5BLxV3+hzK4AENLNxzkI8E2Ff7t2e6PCJXR1WKyltmssvBkOV0lvQn 4ZMc/mfiUOfoeEQSPKaAWSSGWPMtc40tgLHz0QyccY6/rnUdiBwtxMjbg 6rrFqQy59xVr1lIejVNW+YyHaSyNSEdywn5KfD9Hb0jBFfp7DGMVFMOt/ yERjhvD6QLDZ8Rigj5v68q7YUY+MTaLzM+ortDlTk407IlW8tAVOo2GWT v3I6xMo7yZ7NnSeltl6JqE84adWzACxT4g52iDaskhSVg9a6xoYPxLqd4 w==;
X-IronPort-AV: E=Sophos;i="5.28,586,1464609600"; d="scan'208";a="103687333"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES256-SHA; 28 Aug 2016 01:27:15 +1200
Received: from ([]) by ([]) with mapi id 14.03.0266.001; Sun, 28 Aug 2016 01:27:15 +1200
From: Peter Gutmann <>
To: David Benjamin <>, Geoffrey Keating <>
Thread-Topic: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
Thread-Index: AQHR+kiDZXbZlYKpgUOnaUdD5zLR56BP1VcAgA0Cxf4=
Date: Sat, 27 Aug 2016 13:27:15 +0000
Message-ID: <>
References: <> <> <> <> <> <m260qwppxa.fsf@localhost.localdomain>, <>
In-Reply-To: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 27 Aug 2016 13:27:26 -0000

David Benjamin <> writes:

>TLS 1.3 will resolve this with the new cipher suite negotiation, but I agree
>this makes the specification basically undeployable with TLS 1.2. This issue
>also got brought up here:

Hmm, good point.  So reading between the lines of the various comments on this
issue, the feeling seems to be "ignore this RFC".  That more or less answers
my question, I'll leave it out of TLS-LTS apart from mentioning it as another
source of DH groups.

>Barring unforeseen problems, Chrome will also lose DH in the next release.

Which will be yet another headache for people working with SCADA devices, who
are seeing themselves locked out more and more from being able to admin their
systems when browser vendors arbitrarily decide to deprecate long-established
mechanisms.  I know of operators who are running IE 6 in XP VMs because that's
the only thing that'll still talk to some devices they use (OK, old versions
of FF and Chrome will do it too if you can find them, but then they always
want to update themselves to less old versions that stop working again). 

Couldn't Chrome include an optional legacy mode that just works with existing
systems, perhaps triggered by access to a device at an RFC 1918 address?
There really is, in some cases, nothing available any more that will talk to
entire families of SCADA devices because browsers assume the only thing that
matters is the public WWW and won't accommodate anything that isn't.

(At some point someone's going to figure out they can make a lot of money by
taking Firefox 3.0, rebranding it, and selling it as an embedded device
management solution, because it'll talk to all the things that current
browsers won't any more).