Re: [TLS] security levels for TLS
Mike <mike-list@pobox.com> Sat, 13 October 2007 00:41 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgV4H-0004bn-Bu; Fri, 12 Oct 2007 20:41:25 -0400
Received: from tls by megatron.ietf.org with local (Exim 4.43) id 1IgV4F-0004bM-TH for tls-confirm+ok@megatron.ietf.org; Fri, 12 Oct 2007 20:41:23 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgV4F-0004Yp-JQ for tls@lists.ietf.org; Fri, 12 Oct 2007 20:41:23 -0400
Received: from sceptre.pobox.com ([207.106.133.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IgV48-0003vQ-Iy for tls@lists.ietf.org; Fri, 12 Oct 2007 20:41:18 -0400
Received: from sceptre (localhost.localdomain [127.0.0.1]) by sceptre.pobox.com (Postfix) with ESMTP id 4BD282F0 for <tls@lists.ietf.org>; Fri, 12 Oct 2007 20:40:58 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 172D7898DB for <tls@lists.ietf.org>; Fri, 12 Oct 2007 20:40:57 -0400 (EDT)
Message-ID: <4710146E.4080909@pobox.com>
Date: Fri, 12 Oct 2007 17:42:22 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: tls@lists.ietf.org
Subject: Re: [TLS] security levels for TLS
References: <c331d99a0710080621g7c0ec91et35c46553c23f4402@mail.gmail.com> <p0624082fc331b0ed0ecc@[192.168.1.100]> <FA998122A677CF4390C1E291BFCF59890849871E@EXCH.missi.ncsc.mil> <470D0243.3050009@pobox.com> <20071010180324.7ABC533C21@delta.rtfm.com> <470E4399.3010008@pobox.com> <20071011155829.965C733C28@delta.rtfm.com> <470EF76B.5050102@pobox.com> <20071012045718.DE16033C21@delta.rtfm.com> <470FB525.7010308@pobox.com> <20071012180445.1D22D33C21@delta.rtfm.com> <470FC52E.6080707@pobox.com> <p06240828c3357a914a76@[192.168.1.3]> <470FEA1F.7030500@pobox.com> <20071012220036.E3DFC33C21@delta.rtfm.com>
In-Reply-To: <20071012220036.E3DFC33C21@delta.rtfm.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> Note that the server can already maintain multiple keys and choose one > based on the cipher suite. It's merely that the client can't *directly* > request specific asymmetric key sizes for DH and RSA. I'm proposing an extremely simple way to let the client directly request the desired key sizes. Isn't that better than hoping that the server replies with an acceptable key? >> Negatives: >> >> - effort is needed to write a specification and approve it >> - a server may not support the extension, so a client may >> have to implement an inefficient renegotiation scheme in >> addition anyway > > - It encourages an inappropriate focus on key size. As I said already, > There's a lot more to security than key size. But key size -is- a big part of it, and you should be able to tell a server what key sizes you want, rather than leave it up to chance. Let me express this in a different way: Imagine if TLS already had the ability for a client to specify key sizes to the server, and I was arguing to get rid of that. Wouldn't you think I was crazy for suggesting it? > - It adds yet more unnecessary complexity to a spec which is already > quite complicated. I'm aware of how complicated it is. I'm in the process of trying to add support for some of the existing extensions such as the trusted CA indication, and the complexity of that is so much more. > - It's yet another way to have interop problems. Isn't every addition? > - Implementations which want DH key sizes significantly greater than > 1024 would be better served to move to EC, which already has > explicit support for communicating which groups are supported. And pay someone for the right to generate a self-signed certificate? If you can do it with EC, why do you argue against doing it for DHE? >> - Eric doesn't like it ;-) > > I don't see you getting a lot of support from others, either. I find myself in this position occasionally, and accept that most people will stay out of the line of fire. Mike _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Yngve Nysaeter Pettersen
- Re: [TLS] security levels for TLS Paul Hoffman
- RE: [TLS] security levels for TLS Kemp, David P.
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Steven M. Bellovin
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Paul Hoffman
- Re: [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Paul Hoffman