Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group

Hanno Böck <hanno@hboeck.de> Wed, 05 November 2014 10:43 UTC

Return-Path: <hanno@hboeck.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D60491A883B for <tls@ietfa.amsl.com>; Wed, 5 Nov 2014 02:43:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.901
X-Spam-Level:
X-Spam-Status: No, score=-0.901 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Won90ZHrKJrf for <tls@ietfa.amsl.com>; Wed, 5 Nov 2014 02:43:09 -0800 (PST)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [178.63.68.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 756D81A1B3C for <tls@ietf.org>; Wed, 5 Nov 2014 02:43:09 -0800 (PST)
Received: from pc (ip5b400265.dynamic.kabel-deutschland.de [::ffff:91.64.2.101]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3, 128bits, ECDHE-RSA-AES128-GCM-SHA256) by zucker.schokokeks.org with ESMTPSA; Wed, 05 Nov 2014 11:43:07 +0100 id 000000000000004C.000000005459FF3B.00007172
Date: Wed, 05 Nov 2014 11:43:14 +0100
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20141105114314.45b0139b@pc>
In-Reply-To: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
References: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=_zucker.schokokeks.org-29042-1415184187-0001-2"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Fy1tUuHaTER1aiXN4DyOnm5K78g
Subject: Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Nov 2014 10:43:12 -0000

I find it a bit odd to have this question without any numbers on
benchmarks.

I am usually in the "give me more bits"-camp, but I don't see anything
even close to breaking 2048 bit dh. Ultimately, I think it's reasonable
to assume that this will only fall when quantum computers will rise.
But then all EC will fail earlier, so we'll have other things to worry
than DH group size.

If using 24xx or 25xx will significantly hinder adoption of fixed
groups due to performance constraints I'd vote for 2048. But I feel I
don't have the numbers to judge.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42