Re: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"

Paul Hoffman <paul.hoffman@vpnc.org> Fri, 16 January 2015 16:29 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E98D01ACEB0 for <tls@ietfa.amsl.com>; Fri, 16 Jan 2015 08:29:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yAG4yQx1gWUc for <tls@ietfa.amsl.com>; Fri, 16 Jan 2015 08:29:52 -0800 (PST)
Received: from proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D732A1ACCED for <tls@ietf.org>; Fri, 16 Jan 2015 08:29:52 -0800 (PST)
Received: from [10.20.30.90] (50-1-98-91.dsl.dynamic.fusionbroadband.com [50.1.98.91]) (authenticated bits=0) by proper.com (8.15.1/8.14.7) with ESMTPSA id t0GGTp6Q025865 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 16 Jan 2015 09:29:52 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 50-1-98-91.dsl.dynamic.fusionbroadband.com [50.1.98.91] claimed to be [10.20.30.90]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CABcZeBNOERvqWcxj2G1FBC5UL5fH_T+dJ53N0RYEgxKepnVJ6w@mail.gmail.com>
Date: Fri, 16 Jan 2015 08:29:50 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <EDC2B9E0-6F08-42AB-9A91-C8B6A89B71B2@vpnc.org>
References: <1421422017019.67267@nist.gov> <CABcZeBNOERvqWcxj2G1FBC5UL5fH_T+dJ53N0RYEgxKepnVJ6w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1993)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4NuD78DmVogws1YJ9_Yo0ctX8R4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2015 16:29:54 -0000

On Jan 16, 2015, at 7:44 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> Note that the client advertises all the groups it can support, so the server
> can just pick the "best" one on the clients list.

I think what Quynh wants is to turn the HelloRetryRequest into an advertisement for the server's capabilities, and having that advertisement be longer than 1 would be better. That is, it would be "We're failing and I'm choosing none of yours, but if you retry and can do any of these, please do so".

I'm not saying I like that idea, and I waffled a lot on it in IKEv2, but it is a common proposal for how to do negotiation (as compared to "offer-pick").

--Paul Hoffman