[TLS] "selected_group" field in HelloRetryRequest in TLS 1.3
Xuelei Fan <xuelei.fan@vimino.com> Fri, 27 November 2015 02:38 UTC
Return-Path: <xuelei.fan@vimino.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5CF81B3139 for <tls@ietfa.amsl.com>; Thu, 26 Nov 2015 18:38:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3M0HCxQXLQO7 for <tls@ietfa.amsl.com>; Thu, 26 Nov 2015 18:38:46 -0800 (PST)
Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBBDD1B3138 for <tls@ietf.org>; Thu, 26 Nov 2015 18:38:45 -0800 (PST)
Received: by obbbj7 with SMTP id bj7so73406972obb.1 for <tls@ietf.org>; Thu, 26 Nov 2015 18:38:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vimino-com.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to:content-type; bh=r+vHBMWk3e3MaWiIOnM+JCNF6khoEKc1D9vIUe0pWwA=; b=QyC1WshxSR3L179juBlCizKO18qzCrBnrf8AEJw746nChkftoNLBOC/ZqZFz0Zq4oz zU+pnY+wBsGy4ivA6DoFCKW/h/YGE4wuxsS8fnwjv0awnIraYfdpc1wbqURX3UqZadI5 Iq5a/FCG4LG/Qxrs3lPHIVCvz0pe9FRDT8bmH/hFTNXpIencCBI/20SkLeZ2YD+FUtTv 8r9wrdpZVvu5IeIG4TWZYTX++JmRO2Iz6VZNX1ryJTdaw+6n99/Qg0J0sDq4m8PeyMie WHXmTHLvZsCPSPcVO7ImXwtl5+0h2TDiSQTMxrqRp6wm+xXuYU6T+rIwsZ06fuWgnEHW zyRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=r+vHBMWk3e3MaWiIOnM+JCNF6khoEKc1D9vIUe0pWwA=; b=Va0g4HTOGZf92lBT3xmu96TAZsBPx13pKlfVpwUTWks/lHnUBLdz3YQAD6FhjtiuAG B0lWQCFBb26brpAi0m4pjbiDyKIMHvBagiL3B3G3MDEsH9XOkV9GrxEfL+zcjaLpp4gP HqSVEaGYYGWKOIBOMvvbi1tEIa9yAT7h/lSO0XdHqlKG1y5ePBFKAfCV4J9FlkpbddUw HPADTVpBOtF75S/sV66jm8aPZvicBdrmPfMIC1r0lvm5oh5Hba4OdSRUs4QqHrX7anid 8rrMUghKcbYuTgQD5qO2g3kXKOf56ZXH/+PLLK/I4FFCqATzn3gqYZ/lCA/XOKo32dGl Mb1A==
X-Gm-Message-State: ALoCoQnfbvGXCOGzfsRnNOjbXU4Z3cBOYM8K8wjct5okuA4GzWohq96nwmYvcg8p/mcuFxjez3yR
MIME-Version: 1.0
X-Received: by 10.182.142.170 with SMTP id rx10mr30993252obb.34.1448591925307; Thu, 26 Nov 2015 18:38:45 -0800 (PST)
Received: by 10.76.171.103 with HTTP; Thu, 26 Nov 2015 18:38:45 -0800 (PST)
X-Originating-IP: [148.87.19.218]
Date: Fri, 27 Nov 2015 10:38:45 +0800
Message-ID: <CAAgBOhu_u0mkvKT2L6qTebJQ4Y4U_CDMnpHYP3O1q=e1QvBgGA@mail.gmail.com>
From: Xuelei Fan <xuelei.fan@vimino.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c338b22203af05257c9739"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/7chEo60yrd5cwtM25TsuJvXMROI>
Subject: [TLS] "selected_group" field in HelloRetryRequest in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Nov 2015 02:38:46 -0000
Hi,
What's the consideration to place selected_group out of the extensions
filed in HelloRetryRequest?
struct {
ProtocolVersion server_version;
CipherSuite cipher_suite;
NamedGroup selected_group;
Extension extensions<0..2^16-1>;
} HelloRetryRequest;
vs
struct {
ProtocolVersion server_version;
CipherSuite cipher_suite;
Extension extensions<0..2^16-1>; // use key_share (empty share)
or
//
supported_group for named groups
} HelloRetryRequest;
The latter may be more friendly for future extensibility, and easier to
implement. For example, FFDHE may be easy to expose to pre-computation
issues in the future, and dynamic safe prime groups may be expected at that
time. Having the selected_group as an extension might be more flexible to
define new replacement.
Thanks,
Xuelei
- [TLS] "selected_group" field in HelloRetryRequest… Xuelei Fan
- Re: [TLS] "selected_group" field in HelloRetryReq… Martin Thomson
- Re: [TLS] "selected_group" field in HelloRetryReq… Xuelei Fan