Re: [TLS] FFDHE and SHOULDs on usage
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 16 April 2015 20:56 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC56C1A6F7A for <tls@ietfa.amsl.com>; Thu, 16 Apr 2015 13:56:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.357
X-Spam-Level:
X-Spam-Status: No, score=-0.357 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id garXUVwy3vZ9 for <tls@ietfa.amsl.com>; Thu, 16 Apr 2015 13:56:19 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id CB6DF1A6EF0 for <tls@ietf.org>; Thu, 16 Apr 2015 13:56:18 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 2A9D2F984 for <tls@ietf.org>; Thu, 16 Apr 2015 16:56:17 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 5F218209E8; Thu, 16 Apr 2015 10:44:08 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: tls@ietf.org
In-Reply-To: <CABkgnnXJWv_-NQBJD_hT5p8V7gpBeQTOatirShSpi8wQ5=HB4A@mail.gmail.com>
References: <CABkgnnVxLJhpm+vjUsaQTBGOQ7n=MDBiR3Pk+f7J0m_0rRGT+A@mail.gmail.com> <874mohqmk2.fsf@alice.fifthhorseman.net> <CABkgnnXJWv_-NQBJD_hT5p8V7gpBeQTOatirShSpi8wQ5=HB4A@mail.gmail.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Thu, 16 Apr 2015 10:44:08 -0400
Message-ID: <87fv80nnev.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5GpfQsDSeheU-ZDrxro4v-l9a-U>
Subject: Re: [TLS] FFDHE and SHOULDs on usage
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2015 20:56:20 -0000
On Wed 2015-04-15 15:05:26 -0400, Martin Thomson wrote: > On 15 April 2015 at 11:22, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: >> - <t>A client that offers any of these values in the elliptic_curves >> - extension SHOULD ALSO include at least one FFDHE ciphersuite in >> - the Client Hello.</t> >> + <t>A client that offers a "Supported Groups" extension >> + containing an FFDHE group should also include at least one FFDHE >> + ciphersuite in the Client Hello.</t> > > I apologize for not completing the :) > It's been a while, so I went back and re-read this little bit, > prompted largely by your choice to move to a lowercase should: > > The compatible client that wants to be able to negotiate strong FFDHE > SHOULD send a "Supported Groups" extension (identified by type > elliptic_curves(10) in [RFC4492]) in the ClientHello, and include a > list of known FFDHE groups in the extension data, ordered from most > preferred to least preferred. If the client also supports and wants > to offer ECDHE key exchange, it MUST use a single "Supported Groups" > extension to include all supported groups (both ECDHE and FFDHE > groups). The ordering SHOULD be based on client preference, but see > Section 6.1 for more nuance. > > A client that offers any of these values in the elliptic_curves > extension SHOULD ALSO include at least one FFDHE ciphersuite in the > Client Hello. > > This is a little over-2119-y for me. How about: > > """ > A client that wants to negotiatiate strong FFDHE sends a ClientHello > containing a cipher suite that uses DHE key exchange and a "Supported > Groups" extension (identified by ...). The "Supported Groups" > extension contains the FFDHE groups the client will accept. If the > client also intends to accept ECDHE key exchange, the same "Supported > Groups" extension is used for both FFDHE and ECDHE groups. > > Groups are ordered based on client preference, noting the additional > ordering considerations in Section 6.1. > """ I'm willing to drop the 2119 language in this section if other people think that it is inappropriate. Some of it seems relevant for interop to me (e.g. 'MUST use a single "Supported Groups" extension' just echoes 5246's restriction 'There MUST NOT be more than one extension of the same type.') What do others think here? Also, this rewrite says "ordered based on client preferences" but doesn't indicate which order based on client preferences: most preferred to least preferred or the other way around. It may be pedantic, but this is exactly the sort of pedantry that RFCs should include. --dkg
- [TLS] FFDHE and SHOULDs on usage Martin Thomson
- Re: [TLS] FFDHE and SHOULDs on usage Bodo Moeller
- Re: [TLS] FFDHE and SHOULDs on usage Martin Thomson
- Re: [TLS] FFDHE and SHOULDs on usage Daniel Kahn Gillmor
- Re: [TLS] FFDHE and SHOULDs on usage Martin Thomson
- [TLS] please review (was: Re: FFDHE and SHOULDs o… Sean Turner
- Re: [TLS] FFDHE and SHOULDs on usage Daniel Kahn Gillmor
- Re: [TLS] FFDHE and SHOULDs on usage Martin Thomson
- Re: [TLS] FFDHE and SHOULDs on usage Martin Rex
- Re: [TLS] FFDHE and SHOULDs on usage Andrey Jivsov
- Re: [TLS] FFDHE and SHOULDs on usage Thijs van Dijk
- Re: [TLS] FFDHE and SHOULDs on usage Hubert Kario