Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 3352C12B077
 for <tls@ietfa.amsl.com>; Fri, 19 Aug 2016 05:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.447
X-Spam-Level: 
X-Spam-Status: No, score=-5.447 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.247]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id cEIzKFNXgCAa for <tls@ietfa.amsl.com>;
 Fri, 19 Aug 2016 05:29:29 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248])
 (using TLSv1.2 with cipher RC4-SHA (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 063A212D0D3
 for <tls@ietf.org>; Fri, 19 Aug 2016 05:29:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail;
 t=1471609769; x=1503145769;
 h=from:to:subject:date:message-id:references:in-reply-to:
 content-transfer-encoding:mime-version;
 bh=CFrPZFaDSGGBe5g8/eqnLmqoTUf3/Z67luZ55c6Vt1I=;
 b=BC5Fil2WnhG22IKxW20U6Qaa+SknaTtx9OrzaJyZltjgdPTN7e/SsJXk
 0NY2KTdEEb9YjcltgIO04MZJZEQyvwcKhkRpBEqxeFQMH2pvu3E2pccn+
 zsi1hDmty8wVr/mzAXhtsuKOXAX+PeGf4WwLatC+Fwbt+HxzmMELEdMyX
 GJQiRVwFNFJaxL6FG1OgSs1LmCE2xOmRFKPGGGPb6bJ7Wbb8/v4wTWIKx
 L37xWgveMsLPSrO/U6zEAHra6AYTGsrLfXY5c7H4WgqdJOBpaBEDbngG2
 ONg8owAzsQilwzEBKbumIlO+O8u1zdbitaXqwk8EGCDci57oSmr/FGOx6 w==;
X-IronPort-AV: E=Sophos;i="5.28,544,1464609600"; d="scan'208";a="102835150"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106])
 by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 20 Aug 2016 00:29:25 +1200
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.93]) by
 uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id
 14.03.0266.001; Sat, 20 Aug 2016 00:29:25 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Bodo Moeller <bmoeller@acm.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman
 Ephemeral Parameters for Transport Layer Security (TLS)
Thread-Index: AdH3qzVttHomztzDTIKlIRH23NqfIv//fPYAgAIjA03//486AIADpKzA
Date: Fri, 19 Aug 2016 12:29:23 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4CF416C@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4CF009C@uxcn10-5.UoA.auckland.ac.nz>
 <20160816145548.GQ4670@mournblade.imrryr.org>
 <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>,
 <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
In-Reply-To: <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.6.3.2]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/APAY84m_uZodC5lwTZALJPD6-qU>
Subject: Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman
 Ephemeral Parameters for Transport Layer Security (TLS)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
 <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
 <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2016 12:29:34 -0000

Bodo Moeller <bmoeller@acm.org> writes:=0A=
=0A=
>Peter, so your complaint is about the lack of support for explicitly=0A=
>specified (non-"named") groups?=0A=
=0A=
It's the lack of support for DHE unless it's the exact parameters the serve=
r=0A=
wants.  At the moment if your implementation wants to use DHE (which pretty=
=0A=
much all of them do) you have two options:=0A=
=0A=
1. Ignore RFC 7919 and perform DHE with several billion devices worldwide.=
=0A=
=0A=
2. Implement RFC 7919 and, unless both client and server happen to choose a=
n=0A=
   appropriate FFDHE parameter set that both sides can agree on, be forced =
to=0A=
   fall back to the old, unsafe RSA key exchange.=0A=
=0A=
The problem is that 7919 doesn't say "I want to do DHE, if possible with th=
ese=0A=
parameters", it says "I will only accept DHE if you use these parameters,=
=0A=
otherwise you cannot use DHE but must drop back to RSA".  Talk about cuttin=
g=0A=
off your nose to spite your face, you'd have to have rocks in your head to=
=0A=
want to break your implementation like that.=0A=
=0A=
Until now I hadn't had a major interest in 7919 (it's rather hard to identi=
fy=0A=
what problem it's actually solving), but thought I'd look at it for TLS-LTS=
=0A=
use.  However, if using it requires giving up DHE in a lot of cases there's=
 no=0A=
way I'll be implementing it.=0A=
=0A=
Peter.=