Re: [TLS] Re: TLS 1.2 draft

Martin Rex <martin.rex@sap.com> Wed, 07 March 2007 14:26 UTC

From: Martin Rex <martin.rex@sap.com>
Message-Id: <200703071422.PAA28929@uw1048.wdf.sap.corp>
Subject: Re: [TLS] Re: TLS 1.2 draft
To: smb@cs.columbia.edu
Date: Wed, 07 Mar 2007 15:22:04 +0100
In-Reply-To: <20070307120819.2FE5176612D@berkshire.machshav.com> from "Steven M. Bellovin" at Mar 7, 7 07:08:19 am
Cc: simon@josefsson.org, tls@ietf.org

Steven M. Bellovin wrote:
> 
> On Wed, 07 Mar 2007 10:53:00 +0100
> Simon Josefsson <simon@josefsson.org> wrote:
> 
> > Eric Rescorla <ekr@networkresonance.com> writes:
> > 
> > > What I'm saying is that the recommendation to prevent his attack
> > > is to use an RSA_DHE ciphersuite
> > 
> > I agree with that.  However, if I remember correctly, DHE key
> > exchanges are generally slower than plain RSA key exchanges with
> > temporary keys, although it depends on the DH group size.
> 
> The problem is generating the two large primes for the RSA key pair.

I agree that a full RSA keygen, in particular for same-size (>=1024 bit)
temporary RSA keypairs as the server's certificate, is a sure
performance-killer.

However, the protocol does not preclude the use of an SSL server's
temporary keypair for multiple handshakes, say one or a few hours.
SSH servers have been doing this for years.

I admit to having very little experience with most crypto math and
have never implemented cryptographic algorithms myself.
I do maintenance on code that implements RSA, but I have never
looked at code for DH, so I cannot really comment on that.


-Martin
