[TLS] Why are the brainpool curves not allowed in TLS 1.3?

"Bruckert, Leonie" <Leonie.Bruckert@secunet.com> Tue, 17 July 2018 12:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/82u5VTk65y3bMDdWedzOEm46_Ks>

Dear WG members,

I am quite astonished that the brainpool curves are eventually prohibited in TLS 1.3. Based on an earlier comment (https://www.ietf.org/mail-archive/web/tls/current/msg17204.html), I would have thought that the brainpool curves will be allowed in any future version, especially since they have been deployed successfully to date.

Reading the latest draft I happened to notice that the numbers 0x001A to 0x001C that point to the brainpool curves are marked as obsolete_RESERVED for the following reasons:

"The obsolete curves have various known/theoretical weaknesses or have had very little usage, in some cases only due to unintentional server configuration issues. They are no longer considered appropriate for general use and should be assumed to be potentially unsafe." (See p. 127)

I am not aware of any weaknesses of the brainpool curves, so I consider this banishment unjustified. As I did not at all understand this decision and furthermore, could not find any explanations in the mailing list archive, I would like to ask how all this happened.

Best regards,

Leonie