Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

Martin Thomson <mt@lowentropy.net> Fri, 30 July 2021 00:41 UTC

Message-Id: <1f86d146-92a1-4175-985f-92705d077d7c@www.fastmail.com>
In-Reply-To: <CAOgPGoC4C0bWz0h0iyzGzMPEoDKAPv4euoOkmS+6Uuxncux4Zg@mail.gmail.com>
References: <CAOgPGoC4C0bWz0h0iyzGzMPEoDKAPv4euoOkmS+6Uuxncux4Zg@mail.gmail.com>
Date: Fri, 30 Jul 2021 10:41:05 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DH32ZjOayZUh0vYwU1FzgWZDBzI>
Subject: Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

I support the *contents* of this document.  The title, however, I can't agree to.  So I want to be clear about the scope of the work, namely deprecating semi-static FFDH and ECDH suites and any use of FFDHE ephemeral suites with reused keys.

The draft limits the ban on ephemeral key reuse to FFDHE, which is right; I could tolerate a prohibition on reuse for ECDH, but I know that we rely on that for HPKE and other things, so it can't really be bad enough to ban.

Cheers,
Martin

On Fri, Jul 30, 2021, at 07:50, Joseph Salowey wrote:
> This is a working group call for adoption for Deprecating FFDH(E) 
> Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00 
> <https://datatracker.ietf.org/doc/draft-bartle-tls-deprecate-ffdhe/>). 
> We had a presentation for this draft at the IETF 110 meeting and since 
> it is a similar topic to the key exchange deprecation draft the chairs 
> want to get a sense if the working group wants to adopt this draft 
> (perhaps the drafts could be merged if both move forward).  Please 
> review the draft and post your comments to the list by Friday, August 
> 13, 2021.  
> 
> Thanks,
> 
> The TLS chairs
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>