Re: [TLS] Initial draft of DH-based key exchange

Nikos Mavrogiannopoulos <nmav@redhat.com> Tue, 24 March 2015 08:12 UTC

From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Tue, 24 Mar 2015 09:12:26 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8DqucZIh_i1Ekq00x6XwZtEGo64>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Initial draft of DH-based key exchange

On Mon, 2015-03-23 at 17:05 -0400, Hugo Krawczyk wrote:

> The KDF derivation scheme is as simple as it gets for all keys that
> need to be derived and is uniform for all modes.

Note that an implementation will still have to keep the original PRF to
support all previous protocols. Given the average lifetime of a
protocol, that means keeping two separate KDFs for 10-20 years. That is
not an enormous cost, but the piling of simple primitives doesn't make a
simple protocol or, even worse, a simple implementation.

regards,
Nikos