Re: [TLS] Should we require compressed points
Manuel Pégourié-Gonnard <mpg@polarssl.org> Sat, 01 November 2014 17:21 UTC
Return-Path: <mpg@polarssl.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2358B1A8A0C for <tls@ietfa.amsl.com>; Sat, 1 Nov 2014 10:21:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.397
X-Spam-Level:
X-Spam-Status: No, score=0.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_EQ_NL=1.545, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dRNc8C-TpuOL for <tls@ietfa.amsl.com>; Sat, 1 Nov 2014 10:21:25 -0700 (PDT)
Received: from vps2.offspark.com (vps2.brainspark.nl [141.138.204.106]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A058A1A89EF for <tls@ietf.org>; Sat, 1 Nov 2014 10:21:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=polarssl.org; s=exim; h=Subject:Content-Transfer-Encoding:Content-Type:In-Reply-To:References:CC:To:MIME-Version:From:Date:Message-ID; bh=YicEfaddijpJXGqmM2iq/4SFt6yRsj7y2R98n2P+l7k=; b=jTO8aCaxGyPLyvQ+mWlhsrYDZdBL5Uu5uVdmW17sKZ9IFUbVn2vQnfjSj5oBqF453MB98F5EpnXN3LL4pKnI992GrXEJrQv0LrU9hzqI9XrH4WXWUo/UDivI1/tnN8o3gBKg06MgZs20F18R89YvSqx8Rzz/lZ7921aU+3amhMw=;
Received: from mna75-11-88-161-199-191.fbx.proxad.net ([88.161.199.191] helo=[192.168.0.12]) by vps2.offspark.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mpg@polarssl.org>) id 1XkcMX-0006cd-PD; Sat, 01 Nov 2014 18:21:18 +0100
Message-ID: <54551692.2070905@polarssl.org>
Date: Sat, 01 Nov 2014 18:21:22 +0100
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Eric Rescorla <ekr@rtfm.com>
References: <9A043F3CF02CD34C8E74AC1594475C739B9D6102@uxcn10-5.UoA.auckland.ac.nz> <CABcZeBOWR4BVy0e3TY3FVB8wqOwrUgD6OfHLTJS_iXUZv30CsA@mail.gmail.com> <544F635D.2000309@polarssl.org> <20141028145223.GQ19158@mournblade.imrryr.org> <544FC339.8010605@polarssl.org> <CABcZeBPctqdSia7tJ5F9s42wAYq5mWL06qjCPUxdWFVL-BSKHw@mail.gmail.com> <20141031183146.GA12592@LK-Perkele-VII>
In-Reply-To: <20141031183146.GA12592@LK-Perkele-VII>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-SA-Exim-Connect-IP: 88.161.199.191
X-SA-Exim-Mail-From: mpg@polarssl.org
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.offspark.com)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/8QBxHjVjsOsz89r0b0kJgxubhmU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we require compressed points
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Nov 2014 17:21:27 -0000
On 31/10/2014 19:31, Ilari Liusvaara wrote: > On Fri, Oct 31, 2014 at 10:34:52AM -0700, Eric Rescorla wrote: >> This discussion seems to be settling, so I've prepared a pull request >> that implements Bodo's suggestion: >> >> https://github.com/tlswg/tls13-spec/pull/86 > > I think 8.1.2 (ECDHE premaster secret calculation) should be modified > as well, to specify using the fixed wire encoding of selected group for > premaster secret. > Just to be clear: this would change the way the PMS is computed for the existing curves, right? I'm not opposed to it, I just want to make sure we're on the same line. > This is to avoid problems with more "odd" encodings. > I think this is indeed a very desirable outcome, that is achieved by your proposal. > Note that 8.1.1 does not quite match that beheviour, since it specifes > leading zero octets to be stripped (whereas DHE "element" encoding > doesn't seem to specify if zeroes are stripped or not) > I think it makes sense to accept non-canonical representation of DHE elements as long as it's not ambiguous (be liberal in what you accept), while for the PMS it's necessary to be strict in order to ensure interop. But I wouldn't be oppose to something like "DHE elemens MUST be encoded without leading zeroes, but implementations MAY accept leading zeroes in their encoding". Manuel.
- [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Hubert Kario
- Re: [TLS] Should we require compressed points Martin Thomson
- Re: [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Michael StJohns
- Re: [TLS] Should we require compressed points Michael StJohns
- Re: [TLS] Should we require compressed points Yoav Nir
- Re: [TLS] Should we require compressed points Ilari Liusvaara
- Re: [TLS] Should we require compressed points Dan Harkins
- Re: [TLS] Should we require compressed points Michael StJohns
- Re: [TLS] Should we require compressed points Watson Ladd
- Re: [TLS] Should we require compressed points Rene Struik
- Re: [TLS] Should we require compressed points Andrei Popov
- Re: [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Martin Thomson
- Re: [TLS] Should we require compressed points Watson Ladd
- Re: [TLS] Should we require compressed points Andrei Popov
- Re: [TLS] Should we require compressed points Rene Struik
- Re: [TLS] Should we require compressed points Jeffrey Walton
- Re: [TLS] Should we require compressed points Peter Gutmann
- Re: [TLS] Should we require compressed points Peter Gutmann
- Re: [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Martin Thomson
- Re: [TLS] Should we require compressed points Watson Ladd
- Re: [TLS] Should we require compressed points Michael StJohns
- Re: [TLS] Should we require compressed points Manuel Pégourié-Gonnard
- Re: [TLS] Should we require compressed points Bodo Moeller
- Re: [TLS] Should we require compressed points Viktor Dukhovni
- Re: [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Ilari Liusvaara
- Re: [TLS] Should we require compressed points Manuel Pégourié-Gonnard
- Re: [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Ilari Liusvaara
- Re: [TLS] Should we require compressed points Manuel Pégourié-Gonnard
- Re: [TLS] Should we require compressed points Eric Rescorla
- Re: [TLS] Should we require compressed points Michael StJohns
- Re: [TLS] Should we require compressed points Manuel Pégourié-Gonnard
- Re: [TLS] Should we require compressed points Michael StJohns