Re: [TLS] Sending Custom DHE Parameters in TLS 1.3
Hanno Böck <hanno@hboeck.de> Tue, 13 October 2020 06:49 UTC
Return-Path: <hanno@hboeck.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF50F3A0EA1 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2020 23:49:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NViZAT-le_A2 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2020 23:49:43 -0700 (PDT)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [178.63.68.96]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E213E3A0E9D for <tls@ietf.org>; Mon, 12 Oct 2020 23:49:42 -0700 (PDT)
Received: from computer ([2a02:8109:83c0:5eee:a45a:3e64:5f8f:6786]) (AUTH: PLAIN hanno-default@schokokeks.org, SSL: TLSv1.3, 256bits, TLS_AES_256_GCM_SHA384) by zucker.schokokeks.org with ESMTPSA id 0000000000000091.000000005F854E03.000076CC; Tue, 13 Oct 2020 08:49:39 +0200
Date: Tue, 13 Oct 2020 08:49:39 +0200
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20201013084939.17572673@computer>
In-Reply-To: <8f57527d-efba-4d03-a3e5-f0ee33463d56@www.fastmail.com>
References: <8f57527d-efba-4d03-a3e5-f0ee33463d56@www.fastmail.com>
X-Mailer: Claws Mail 3.17.7 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4LnnrVb-0X7XIIRitoQzi7d9xG8>
Subject: Re: [TLS] Sending Custom DHE Parameters in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2020 06:49:45 -0000
Hi, There was a reason custom DH parameters were removed. Custom DH parameters were the source of plenty of problems. I suggest reading: https://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html https://eprint.iacr.org/2016/644 https://www.openssl.org/news/secadv/20160128.txt There's also a more general theme I think what we have learned over time: Moving parts in crypto protocols are bad, simplicity is good. Fix as much as you can, avoid negotiating stuff. This is not talked about that much explicitly, but it is a major change of how crypto protocols were designed in the past (i.e. TLS 1.2 times) where it was often considered desirable to add as much flexibility as possible. (Also FWIW the relevance of DH is pretty small these days. I think the largest web clients simply don't support it at all.) -- Hanno Böck https://hboeck.de/
- [TLS] Sending Custom DHE Parameters in TLS 1.3 Michael D'Errico
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Ilari Liusvaara
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Michael D'Errico
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Salz, Rich
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Peter Gutmann
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Henrick Hellström
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Hanno Böck
- Re: [TLS] Sending Custom DHE Parameters in TLS 1.3 Peter Gutmann