RE: [TLS] Re: Short Ephermal Diffie-Hellman keys
<Pasi.Eronen@nokia.com> Tue, 15 May 2007 13:50 UTC
From: Pasi.Eronen@nokia.com
To: simon@josefsson.org, tls@lists.ietf.org

Simon Josefsson wrote:
> Some applications that use GnuTLS (I believe Exim is an example)
> have a separate script invoked once every day (or similar) to
> re-generate the DH parameters. This approach works fine even if
> getting the entropy is a bottle-neck, since it allows servers to
> continue to run using the earlier DH parameters until the new
> parameters have been generated.

BTW, why do you generate new DH parameters in the first place?

Earlier I suggested that TLS 1.2 spec should probably recommend
just hardcoding some of the groups from RFC 3526 (i.e., recommend
against generating DH parameters). This would simplify code and
provide less opportunities for getting things wrong (e.g. very
small primes seen by Yngve; small subgroup attacks; etc.).

http://www1.ietf.org/mail-archive/web/tls/current/msg01115.html

Best regards,
Pasi
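
The checks a client would otherwise need on server-generated DH parameters, next to the fixed RFC 3526 2048-bit group, as an added example that is not part of the original message or of any TLS library. The function names and the 2048-bit minimum are assumptions; the prime is rebuilt from the formula RFC 3526 gives for that group.

```python
import secrets

def arctan_inv(x, scale):
    """Fixed-point arctan(1/x) * scale from the alternating Taylor series."""
    total = term = scale // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def rfc3526_prime(bits, c):
    """2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + c)."""
    scale = 1 << (bits - 130 + 64)        # 64 guard bits absorb truncation error
    pi_fixed = (16 * arctan_inv(5, scale) - 4 * arctan_inv(239, scale)) >> 64
    return 2**bits - 2**(bits - 64) - 1 + 2**64 * (pi_fixed + c)

GROUP14_P, GROUP14_G = rfc3526_prime(2048, 124476), 2   # RFC 3526 2048-bit MODP group

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dh_params(p, g, y, min_bits=2048):
    """Problems with received (p, g, public value y); an empty list means accept."""
    problems = []
    if p.bit_length() < min_bits:
        problems.append("prime too short")
    if not (is_probable_prime(p) and is_probable_prime((p - 1) // 2)):
        problems.append("p is not a safe prime")
    if not 2 <= g <= p - 2:
        problems.append("degenerate generator")
    if not 2 <= y <= p - 2:               # 0, 1 and p-1 have order <= 2
        problems.append("public value in trivial subgroup")
    return problems
```

With a hardcoded group the two primality tests reduce to comparing p and g against the known constants, leaving only the range check on the peer's public value.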