Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 19 August 2016 12:29 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Bodo Moeller <bmoeller@acm.org>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 19 Aug 2016 12:29:23 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4CF416C@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4CF009C@uxcn10-5.UoA.auckland.ac.nz> <20160816145548.GQ4670@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>, <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
In-Reply-To: <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/APAY84m_uZodC5lwTZALJPD6-qU>
Bodo Moeller <bmoeller@acm.org> writes:

>Peter, so your complaint is about the lack of support for explicitly
>specified (non-"named") groups?

It's the lack of support for DHE unless it's the exact parameters the server
wants. At the moment if your implementation wants to use DHE (which pretty
much all of them do) you have two options:

1. Ignore RFC 7919 and perform DHE with several billion devices worldwide.

2. Implement RFC 7919 and, unless both client and server happen to choose an
   appropriate FFDHE parameter set that both sides can agree on, be forced to
   fall back to the old, unsafe RSA key exchange.

The problem is that 7919 doesn't say "I want to do DHE, if possible with these
parameters", it says "I will only accept DHE if you use these parameters,
otherwise you cannot use DHE but must drop back to RSA". Talk about cutting
off your nose to spite your face, you'd have to have rocks in your head to
want to break your implementation like that.

Until now I hadn't had a major interest in 7919 (it's rather hard to identify
what problem it's actually solving), but thought I'd look at it for TLS-LTS
use. However, if using it requires giving up DHE in a lot of cases there's no
way I'll be implementing it.

Peter.
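The server-side rule the message is arguing about is RFC 7919 section 4: once a client lists any FFDHE codepoint (256..511, including ones the server has never heard of) in supported_groups, the server must not pick a DHE cipher suite unless it can use one of those named groups, and must instead pick a non-DHE suite or send insufficient_security. The model below is an added example written for this archive page; it is not code from the message, from RFC 7919, or from any TLS implementation. Suite names and group codepoints are the IANA ones; the function names, the "custom" label for a server-generated non-named group, and the string-based suite representation are assumptions of the model.

```python
# Model of the RFC 7919 section 4 server rule for TLS 1.2 cipher-suite
# selection. Added example, not code from the message or from any TLS stack.
# Names and the "custom" group label are assumed for the model.

FFDHE_CODEPOINTS = range(256, 512)      # RFC 7919 reserves 256..511 for FFDHE
FFDHE2048, FFDHE3072, FFDHE4096 = 256, 257, 258
SECP256R1, X25519 = 23, 29               # ECDHE groups, outside the FFDHE range

DHE_SUITE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"     # 0x009E
RSA_SUITE = "TLS_RSA_WITH_AES_128_GCM_SHA256"         # 0x009C
CUSTOM_GROUP = "custom"   # server-generated, non-named DH parameters (label assumed)


class InsufficientSecurity(Exception):
    """Models the fatal insufficient_security(71) alert."""


def is_dhe(suite):
    return "_DHE_" in suite


def select(server_suites, server_ffdhe_groups, client_suites, client_groups):
    """Pick (suite, dh_group) for a ServerHello.

    server_suites:       cipher suites in server preference order
    server_ffdhe_groups: FFDHE codepoints the server has parameters for
                         (empty set = server only has a custom, non-named group)
    client_suites:       ClientHello cipher_suites
    client_groups:       ClientHello supported_groups codepoints, client order
    """
    common = [s for s in server_suites if s in client_suites]
    offers_ffdhe = any(g in FFDHE_CODEPOINTS for g in client_groups)

    if not offers_ffdhe:
        # Pre-7919 client: the server may run DHE with any group it likes.
        if not common:
            raise InsufficientSecurity("no cipher suite in common")
        suite = common[0]
        return (suite, CUSTOM_GROUP if is_dhe(suite) else None)

    # Client signalled FFDHE codepoints (unknown ones count too). DHE is only
    # permitted with one of the client's named groups that we also support.
    usable = [g for g in client_groups
              if g in FFDHE_CODEPOINTS and g in server_ffdhe_groups]
    for suite in common:
        if is_dhe(suite):
            if usable:
                return (suite, usable[0])   # client's most preferred acceptable group
            continue                        # MUST NOT select an FFDHE suite
        return (suite, None)                # non-DHE fallback, e.g. static RSA
    raise InsufficientSecurity("FFDHE groups unacceptable and no non-DHE suite")


SERVER_PREFS = [DHE_SUITE, RSA_SUITE]
CLIENT_SUITES = [DHE_SUITE, RSA_SUITE]


def scenarios():
    """The cases discussed in the message, as (suite, group) outcomes."""
    return {
        # Option 1: pre-7919 client, server with its own DH group -> DHE still happens
        "legacy_client": select(SERVER_PREFS, set(), CLIENT_SUITES, [X25519, SECP256R1]),
        # Option 2 complaint: client offers ffdhe2048, server only has a custom group -> RSA
        "mismatch_falls_to_rsa": select(SERVER_PREFS, set(), CLIENT_SUITES, [X25519, FFDHE2048]),
        # Both sides know a common named group -> DHE with that group
        "named_group_match": select(SERVER_PREFS, {FFDHE2048}, CLIENT_SUITES, [FFDHE3072, FFDHE2048]),
        # A codepoint in the FFDHE range the server does not know still triggers the rule
        "unknown_ffdhe_codepoint": select(SERVER_PREFS, {FFDHE2048}, CLIENT_SUITES, [300]),
    }


def dhe_only_mismatch_is_fatal():
    """Client offers only a DHE suite and a group the server lacks -> alert."""
    try:
        select([DHE_SUITE], {FFDHE2048}, [DHE_SUITE], [FFDHE3072])
    except InsufficientSecurity:
        return True
    return False


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
    print("dhe_only_mismatch_is_fatal:", dhe_only_mismatch_is_fatal())
```

The "mismatch_falls_to_rsa" case is the one the message objects to: both sides are able to do DHE, but because the server has no parameters for the named group the client listed, the rule forces static RSA. The "legacy_client" case shows that a client which simply does not advertise FFDHE codepoints keeps the pre-7919 behaviour. The model covers TLS 1.2 only; TLS 1.3 has no static RSA key exchange to fall back to.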