Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
Alyssa Rowan <akr@akr.io> Fri, 24 October 2014 13:04 UTC
On 24 October 2014 12:32:35 BST, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

>>Some of the MODP groups (768, 1024, 1536 at least) are also smaller than we should be explicitly supporting in updated tools, so i don't think re-blessing them into another standard is a good idea.

>Shorter groups are still required for embedded devices.

With respect, no, they aren't.

256-bit ECDHE is --> that way.

Don't use 1024-bit DHE; use 256-bit ECDHE. More security, more speed, less size; and that's even before CFRG's Christmas present of (X25519|numsp256t1).

Constrained devices are absolutely no excuse for second-or-third-rate crypto. Certainly not today when we know better.

>…you're just giving people the option to use them.

No, it's blessing them even to list them.

People will probably implement what we specify. They'll assume we did a good job. If we give people the option to use them, they'll use them. It's inappropriate to use them, because they're widely considered too small to use anymore. So don't list them. Simple.

Technology marches on, I'm afraid; key sizes need to march on too. 768 and 1024 are crackable today by any reasonably well-funded adversary with access to a chip fab, as you well know; 1536 may not be, but I wouldn't chance it anymore as Moore's law benefits the attacker more than embedded devices, attacks always get better over time, and the most pernicious adversaries record traffic in case they can crack it later. It may not be cheap or very practical for them to do so, but we can nevertheless avoid it, so we should.

Keep the groups to >= 2048-bit, please.

-- 
/akr
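Added example, not part of the original message or of the draft: one way a TLS client or audit tool could enforce the ">= 2048-bit" floor argued for above, by parsing the ServerDHParams structure from a DHE ServerKeyExchange and measuring the modulus. The function names, `MIN_DH_BITS` and the sample parameters are assumptions made for illustration; the moduli are constructed and primality is not checked.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy floor, taken from the post's ">= 2048-bit"

def parse_server_dh_params(body):
    """Parse ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys, each an
    opaque vector with a 2-byte length prefix. Trailing bytes are ignored."""
    values, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad {name} length {length}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(values)

def check_dh_params(body, min_bits=MIN_DH_BITS):
    """Return (ok, reason) for the group a server offered."""
    try:
        p, g, ys = parse_server_dh_params(body)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    bits = p.bit_length()  # true size; leading zero bytes do not count
    if bits < min_bits:
        return False, f"{bits}-bit group below {min_bits}-bit floor"
    if p % 2 == 0 or not 1 < g < p - 1 or not 1 < ys < p - 1:
        return False, "parameters out of range"
    return True, f"{bits}-bit group accepted"

def encode(p, g, ys, p_len=0):
    """Build a constructed ServerDHParams body; p_len left-pads dh_p."""
    out = b""
    for value, size in ((p, p_len), (g, 0), (ys, 0)):
        raw = value.to_bytes(max(size, (value.bit_length() + 7) // 8), "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed moduli: odd numbers of the stated size, not real safe primes.
WEAK = encode((1 << 1023) | 1, 2, 5)
PADDED = encode((1 << 1023) | 1, 2, 5, p_len=256)  # 1024 bits in 256 bytes
STRONG = encode((1 << 2047) | 1, 2, 5)

if __name__ == "__main__":
    for label, body in (("weak", WEAK), ("padded", PADDED), ("strong", STRONG)):
        print(label, check_dh_params(body))
```

The `PADDED` case is why the check uses the bit length of the integer rather than the length of the encoded field: a 1024-bit modulus padded to 256 bytes would pass a byte-count test.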