Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

mrex@sap.com (Martin Rex) Tue, 17 September 2013 13:15 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73EFD11E843C for <tls@ietfa.amsl.com>; Tue, 17 Sep 2013 06:15:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.156
X-Spam-Level:
X-Spam-Status: No, score=-10.156 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4+JziSnqLYBT for <tls@ietfa.amsl.com>; Tue, 17 Sep 2013 06:14:58 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 5A36F11E8455 for <tls@ietf.org>; Tue, 17 Sep 2013 06:14:43 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id r8HDEZ2c013859 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 17 Sep 2013 15:14:35 +0200 (MEST)
In-Reply-To: <523853A7.3070002@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Tue, 17 Sep 2013 15:14:35 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130917131435.8AE601A974@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 13:15:03 -0000

Yaron Sheffer wrote:
> So yes, I agree. Here's from our work-in-progress -01 version:
> 
> As currently specified and implemented, elliptic curve groups are 
> preferable over modular DH groups: they are easier and safer to use 
> within TLS.

Elliptic curve crypto is still fenced with non-expired patent claims,
requires an implementation of elliptic curve algorithms and the
relevant TLS extensions (something which is FAR from universally
available) and elliptic curve technology is considerably more
sensitive to side channel (=timing) attacks that DH, RSA & DSA.

-Martin