Re: [TLS] draft-dkg-tls-reject-static-dh
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 12 December 2018 08:30 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3971E131140 for <tls@ietfa.amsl.com>; Wed, 12 Dec 2018 00:30:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MW-LCav-nPNu for <tls@ietfa.amsl.com>; Wed, 12 Dec 2018 00:30:52 -0800 (PST)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EE8012EB11 for <tls@ietf.org>; Wed, 12 Dec 2018 00:30:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1544603451; x=1576139451; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=rbH94pjkudCpUp6mr/flA5vQ/5RH9nz1CuMn4Ss7MJo=; b=Rc/Omft+UF9PFVdMHteYDk1B7ZYwn3BtsNSc2WxUMNeswbGajyz3lkVG Mo+rgkOaoFHpxXwEfKka8RkPaX7BR1KZdjGMRqxW4+hSPSyXxFNoA5AwL 1ejnbE7uX/9GrZMxcD/NElcYCM1/Wnlmxeo3F5ssae0VtpESWU4G3YG3W +nevQd823CF0gP8c+oiOzPgg4AyHYCZ5pCbtcf/Dx8ywKkT2E6IAIH1wE +nWndWq5/CSf4iYlisJEO+4aFtIxzYxgR9U9pVhg3zWpE7LQh4k/7Gbm9 6TcLGIA8xw3cEheDtPrS9rB2/8yGlapFvpeM3eFFlK7Nu6dpa4GlZ6Hmp A==;
X-IronPort-AV: E=Sophos;i="5.56,343,1539601200"; d="scan'208";a="42769671"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.2 - Outgoing - Outgoing
Received: from exchangemx.uoa.auckland.ac.nz (HELO uxcn13-ogg-a.UoA.auckland.ac.nz) ([10.6.2.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 12 Dec 2018 21:30:45 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-a.UoA.auckland.ac.nz (10.6.2.2) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 12 Dec 2018 21:30:45 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1395.000; Wed, 12 Dec 2018 21:30:45 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Tony Arcieri <bascule@gmail.com>
CC: Nico Williams <nico@cryptonector.com>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] draft-dkg-tls-reject-static-dh
Thread-Index: AQHUjMy2+Ip4vOdFW02pqhJ3jndT6qVxloSAgAE690z//yyCgIAA4O8ngAFNW4CABqPVKw==
Date: Wed, 12 Dec 2018 08:30:44 +0000
Message-ID: <1544603428476.85535@cs.auckland.ac.nz>
References: <9a9be8fb-9667-0c6a-9fac-cc167f94599f@cs.tcd.ie> <874lbqcgu2.fsf@fifthhorseman.net> <1544164274460.61998@cs.auckland.ac.nz> <20181207064745.GU15561@localhost> <1544166850611.133@cs.auckland.ac.nz>, <CAHOTMVL1adjAcP536fC5Yb2cqi1FJzKkMuRXw5MiOv4M7NZ8EQ@mail.gmail.com>
In-Reply-To: <CAHOTMVL1adjAcP536fC5Yb2cqi1FJzKkMuRXw5MiOv4M7NZ8EQ@mail.gmail.com>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Bl5v5vir3mdVRoJzg0UsPLhopvM>
Subject: Re: [TLS] draft-dkg-tls-reject-static-dh
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Dec 2018 08:30:54 -0000
Tony Arcieri <bascule@gmail.com> writes: >I think these concerns can largely be addressed by ECDHE with e.g. X25519: Sure, and they could be addressed even better with LoRaWAN security, which is even more efficient, however given that the current common denominator for the user base appears to be TLS 1.0, the fact that better things exist doesn't help much until all of the existing hardware is replaced. Peter.
- [TLS] draft-dkg-tls-reject-static-dh Stephen Farrell
- Re: [TLS] draft-dkg-tls-reject-static-dh R duToit
- Re: [TLS] draft-dkg-tls-reject-static-dh Viktor Dukhovni
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh R duToit
- Re: [TLS] draft-dkg-tls-reject-static-dh Daniel Kahn Gillmor
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh Daniel Kahn Gillmor
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann
- Re: [TLS] draft-dkg-tls-reject-static-dh Tony Arcieri
- Re: [TLS] draft-dkg-tls-reject-static-dh Töma Gavrichenkov
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann