[TLS] closing - Re: STRAW POLL: Size of the Minimum FF DHE group

Sean Turner <turners@ieca.com> Wed, 26 November 2014 06:47 UTC

From: Sean Turner <turners@ieca.com>
In-Reply-To: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
Date: Wed, 26 Nov 2014 01:47:45 -0500
Message-Id: <DC0E6E9C-08CA-43AD-BAC1-35D34C7BB4F6@ieca.com>
References: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/77AwEmn46jcLw8FB-UbhgaCIRpk
Subject: [TLS] closing - Re: STRAW POLL: Size of the Minimum FF DHE group
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>

Thanks to all those who participated in this poll, but after three weeks it’s time to close this poll.  The rough consensus expressed on this list is for 2048 as the minimum FF DHE group size.

dkg - please make the appropriate changes in the draft.  While you’re at it, please go ahead and add text to address the comment from the mic for a reference to how one can check that the primes are prime.

Once dkg posts a new version we’ll initiate a WGLC.  As noted during the TLS session in Hawaii, the chairs will make a point of checking whether using new groups vs. the old IKE groups is an issue.

Cheers,
J&S (as chairs)

On Nov 04, 2014, at 12:49, Sean Turner <turners@ieca.com> wrote:

> Hi!
> 
> At the TLS Interim meeting in Paris, the WG discussed the FF DHE draft (https://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe/).  The chairs would like to poll the WG on one of the issues in the draft namely the size of the minimum group.
> 
> The draft currently includes a minimum group size of 2432 but the WG also discussed 2048.  Groups smaller than 2048 were discounted for a standards track document as too weak for use but might be documented in a separate “historic” draft.  To help us reach consensus on this point, please reply to this email indicating whether you favor a “2048” or “2432” minimum group size.  Note that we’re also looking to specify the smallest number of options for groups that is acceptable - i.e., we’re not looking at specifying both 2048 and 2432.
> 
> Background: Regardless of whether you agree with what follows or not, the following has been put forward as the rationale. We don’t need comments on the rationale, we’re just providing it for background.
> 
> 1) 3DES has a 112-bit work factor and is still considered acceptable in TLS 1.2 and the DLOG keying material shouldn’t be any weaker than the symmetric cipher.
> 
> 2) There is some disagreement about the work factor for the DLOG keys - e.g., NIST says 112-bit work factor correlates to 2048-bit DLOG keys but ECRYPT-II says 112-bit work factor correlates to 2432-bit DLOG keys (see references in draft).
> 
> 3) The other point made about 2048-bit DLOG is that it’s a power of 2 and there’s parity with the public key sizes.
> 
> Cheers,
> j&s
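
The chairs ask above for text on how one can check that the draft's primes are prime. The following is an added example, written for this archive page and not taken from the draft, the working group, or the message above, of the checks a practitioner would actually run on a finite-field DH group before trusting it. It assumes (my assumption, not something the message states) that the group is a safe-prime group, p = 2q + 1 with q prime, and that the generator g = 2 is meant to generate the subgroup of order q, which for a safe prime holds exactly when p ≡ 7 (mod 8). The Miller-Rabin routine, the small constructed safe prime it generates for demonstration, and the function names are all mine.

```python
# Added example (not from the draft or the mailing-list message): checks a
# practitioner can run on a finite-field DH group. Assumptions (mine): the
# group is a safe-prime group (p = 2q + 1, q prime) and g = 2 should generate
# the subgroup of order q, which for a safe prime holds iff p ≡ 7 (mod 8).
import random
import secrets

# Trial division before Miller-Rabin: cheap rejection of obvious composites.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n, rounds=64):
    """Miller-Rabin with random witnesses; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 = 2**s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # witness in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                        # a proves n composite
    return True


def check_dh_group(p, g=2):
    """Named checks for a safe-prime DH group; every value must be True."""
    q = (p - 1) // 2
    checks = {
        "p_is_prime": is_probable_prime(p),
        "q_is_prime": is_probable_prime(q),     # safe prime: q = (p - 1) / 2 prime
        "g_in_range": 1 < g < p - 1,
        # The order of g divides 2q. g**q == 1 with 1 < g < p - 1 means the
        # order is exactly q, so shares stay in the prime-order subgroup and
        # an attacker cannot push a peer into a small subgroup.
        "g_has_order_q": 1 < g < p - 1 and pow(g, q, p) == 1,
    }
    if g == 2:
        # 2 is a quadratic residue mod a safe prime p iff p ≡ 7 (mod 8);
        # only then does g = 2 generate the order-q subgroup.
        checks["p_mod_8_is_7"] = p % 8 == 7
    return checks


def generate_safe_prime(bits, rng):
    """Search for p = 2q + 1 with q prime and q ≡ 3 (mod 4), i.e. p ≡ 7 (mod 8)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if q % 4 != 3:
            continue
        if is_probable_prime(q, rounds=8) and is_probable_prime(2 * q + 1, rounds=8):
            return 2 * q + 1


def demo_generated_group(bits=64, seed=1):
    """Constructed test input: a small safe prime (NOT a real TLS group size)."""
    p = generate_safe_prime(bits, random.Random(seed))
    return p, check_dh_group(p)


if __name__ == "__main__":
    print(check_dh_group(23))   # p = 23, q = 11, 23 ≡ 7 (mod 8): every check passes
    print(check_dh_group(11))   # p = 11, q = 5, but 11 ≡ 3 (mod 8): g = 2 has order 10
    p, checks = demo_generated_group()
    print(hex(p), all(checks.values()))
```

The two tiny groups show the point the p ≡ 7 (mod 8) check is there for: 11 is a safe prime, but 2 generates the whole group of order 10 rather than the order-5 subgroup. To check a real group, paste its hex modulus into check_dh_group(int(hex_string, 16), 2); the draft polled above was later published as RFC 7919, whose appendix carries the group moduli, and a 2048-bit modulus takes a few seconds in pure Python at 64 Miller-Rabin rounds.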