Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 13 August 2021 17:21 UTC
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Joseph Salowey <joe@salowey.net>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 13 Aug 2021 17:20:18 +0000
Message-ID: <67533325-2983-47B7-871C-D90799D09532@ll.mit.edu>
References: <CAOgPGoC4C0bWz0h0iyzGzMPEoDKAPv4euoOkmS+6Uuxncux4Zg@mail.gmail.com> <cc9c9d9f-d6b1-3b93-1231-a9a9c34a7fcd@gmail.com>
In-Reply-To: <cc9c9d9f-d6b1-3b93-1231-a9a9c34a7fcd@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7qeB7ooCoV8DmWYStyTpfoMwUvE>
I agree with Rene’s points.

--
Regards,
Uri

From: TLS <tls-bounces@ietf.org> on behalf of Rene Struik <rstruik.ext@gmail.com>
Date: Friday, August 13, 2021 at 09:58

Dear colleagues:

I think this document should absolutely *not* be adopted, without providing far more technical justification. The quoted Raccoon attack is an easy to mitigate attack (which has nothing to do with finite field groups, just with poor design choices of postprocessing, where one uses variable-size integer representations for a key). There are also good reasons to have key exchanges where one of the parties has a static key, whether ecc-based or ff-based (e.g., sni, opaque), for which secure implementations are known.

No detail is provided and that alone should be sufficient reason to not adopt.

Rene

On 2021-07-29 5:50 p.m., Joseph Salowey wrote:

This is a working group call for adoption for Deprecating FFDH(E) Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00). We had a presentation for this draft at the IETF 110 meeting and since it is a similar topic to the key exchange deprecation draft the chairs want to get a sense if the working group wants to adopt this draft (perhaps the drafts could be merged if both move forward). Please review the draft and post your comments to the list by Friday, August 13, 2021.

Thanks,

The TLS chairs

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

--
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
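An added example, not part of the thread, of the postprocessing choice Rene refers to: TLS 1.2 strips leading zero bytes from the finite-field DH shared secret before key derivation (RFC 5246 section 8.1.2), so the byte length of the secret depends on its value, while TLS 1.3 left-pads it to the byte size of the prime (RFC 8446 section 7.4.1). The toy group, exponents and function names below are constructed for illustration.

```python
"""Constructed example: two ways of turning a finite-field DH shared secret
into bytes for key derivation, one value-dependent in length, one fixed."""
import hashlib

# Constructed toy group, far too small for real use; chosen so that secrets
# with a leading zero byte are common enough to observe (p is prime).
P = 1019
G = 2


def dh_shared(priv: int, peer_pub: int, p: int = P) -> int:
    """Classic finite-field DH: Z = peer_pub ^ priv mod p."""
    return pow(peer_pub, priv, p)


def encode_stripped(z: int) -> bytes:
    """Minimal big-endian encoding as in TLS 1.2: leading zero bytes are
    dropped, so the length of the output reveals the size of the secret."""
    return z.to_bytes((z.bit_length() + 7) // 8, "big") if z else b"\x00"


def encode_fixed(z: int, p: int = P) -> bytes:
    """Fixed-width big-endian encoding as in TLS 1.3: left-padded to the byte
    length of p, so every secret yields the same output length."""
    return z.to_bytes((p.bit_length() + 7) // 8, "big")


def derive_key(encoded: bytes) -> bytes:
    """Stand-in for the KDF; only the input encoding matters here."""
    return hashlib.sha256(encoded).digest()


def length_varies(encode, p: int = P) -> bool:
    """Defender's check: does an encoder produce differing lengths across the
    whole range of possible secrets [1, p-1]? True means the encoding step
    leaks information about the secret through its length."""
    lengths = {len(encode(z)) for z in range(1, p)}
    return len(lengths) > 1


if __name__ == "__main__":
    # Constructed exponents: 2^10 mod 1019 == 5, so the shared secret is small.
    priv_a, priv_b = 2, 5
    pub_a, pub_b = pow(G, priv_a, P), pow(G, priv_b, P)
    z = dh_shared(priv_a, pub_b)
    assert z == dh_shared(priv_b, pub_a)
    print("shared secret:", z)
    print("stripped encoding:", encode_stripped(z).hex())  # 1 byte: 05
    print("fixed encoding:   ", encode_fixed(z).hex())     # 2 bytes: 0005
    print("stripped leaks length:", length_varies(encode_stripped))  # True
    print("fixed leaks length:   ", length_varies(encode_fixed))     # False
```

Because the two encodings differ, the derived keys differ as well; the fixed-width form is the one whose length, and therefore whose processing time in the KDF, does not depend on the secret.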