Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Michael D'Errico <mike-list@pobox.com> Sun, 15 September 2013 21:21 UTC

Message-ID: <523624C6.8050006@pobox.com>
Date: Sun, 15 Sep 2013 14:21:10 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <52360658.7050203@gmail.com> <CAD75AFF-16FB-42CD-8DD6-54DA18F2F3D6@checkpoint.com> <523612DE.9010901@cs.tcd.ie>
In-Reply-To: <523612DE.9010901@cs.tcd.ie>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

DH can be sped up if you incorporate a medium-sized (e.g.
256-bit) prime q into the parameters.  See for example
Cryptography Engineering, pages 187-188.  Since q is
missing from the signed ServerDHParams, adding it would
require an extension.

We all know how hard it is to get new extensions deployed,
but perhaps there's now sufficient incentive....

Mike


Stephen Farrell wrote:
> 
> On 09/15/2013 08:56 PM, Yoav Nir wrote:
>> So no, I don't think we should give up on PFS.
> 
> +1024 :-)
> 
> S.
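As an added example (not code from the post or from any of the participants in this thread), the Python below builds DH parameters of the kind the first paragraph of Mike's message describes, namely a prime p with a medium-sized prime q dividing p-1 and a generator g of the order-q subgroup, and then shows the two things a party gains once it knows q: a private exponent of only len(q) bits, and a membership check y^q == 1 (mod p) on the peer's public value. The TLS 1.2 ServerDHParams structure carries only p, g and Ys (RFC 5246), which is why the client side cannot do either today. The bit sizes (512-bit p, 160-bit q), the fixed seed for parameter generation and the function names are demo assumptions; a deployed group would use a 2048-bit p with a 256-bit q, such as the groups published in RFC 5114.

```python
"""Added example, not from the mailing-list post: DH over a prime-order
subgroup.  Parameters are (p, q, g) with q a medium-sized prime, q | p-1,
q not dividing (p-1)/q, and g of order exactly q.  Knowing q lets a party
(a) draw its private exponent from [1, q-1] instead of [1, p-2], making
each modular exponentiation several times cheaper, and (b) reject a
received public value that is not in the order-q subgroup.

Demo sizes (512/160) and the seeded RNG for the public parameters are
assumptions made here so the example runs quickly and reproducibly;
private exponents always come from the secrets module."""
import random
import secrets
import time

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n, rounds=24):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_subgroup_params(p_bits, q_bits, seed):
    """Return (p, q, g): q prime, p = N*q + 1 prime with q not dividing N,
    and g = h^N of order exactly q.  Parameters are public, so a seeded
    RNG is acceptable here; the seed only makes the demo reproducible."""
    rng = random.Random(seed)
    while True:                                   # q: random q_bits-bit prime
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    n_bits = p_bits - q_bits
    while True:                                   # p = N*q + 1 with N even
        cofactor = (rng.getrandbits(n_bits) | (1 << (n_bits - 1))) & ~1
        p = cofactor * q + 1
        if p.bit_length() != p_bits or cofactor % q == 0:
            continue
        if is_probable_prime(p):
            break
    while True:                                   # h^N has order 1 or q
        g = pow(rng.randrange(2, p - 1), cofactor, p)
        if g != 1:
            break
    return p, q, g


def validate_public_value(y, p, q):
    """Range check plus subgroup membership y^q == 1 (mod p).  This is the
    check a TLS 1.2 client cannot run, because q is not in ServerDHParams."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def keygen(p, q, g):
    """Private exponent in [1, q-1]: len(q) bits long rather than len(p)."""
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def shared_secret(x, peer_y, p, q):
    if not validate_public_value(peer_y, p, q):
        raise ValueError("peer public value is not in the order-q subgroup")
    return pow(peer_y, x, p)


def small_subgroup_element(p, q):
    """An element whose order divides (p-1)/q, i.e. one outside the
    q-subgroup; used only to show what the validation rejects."""
    while True:
        z = pow(random.randrange(2, p - 1), q, p)
        if z != 1:
            return z


if __name__ == "__main__":
    p, q, g = gen_subgroup_params(512, 160, seed=2013)
    xa, ya = keygen(p, q, g)
    xb, yb = keygen(p, q, g)
    assert shared_secret(xa, yb, p, q) == shared_secret(xb, ya, p, q)
    # Cost of a q-sized exponent versus a p-sized one on the same modulus.
    x_full = 1 + secrets.randbelow(p - 2)
    t0 = time.perf_counter(); pow(g, xa, p); t1 = time.perf_counter()
    pow(g, x_full, p); t2 = time.perf_counter()
    print(f"{q.bit_length()}-bit exponent: {t1 - t0:.6f}s, "
          f"{p.bit_length()}-bit exponent: {t2 - t1:.6f}s")
    bad = ya * small_subgroup_element(p, q) % p   # constructed bad value
    print("tampered value accepted?", validate_public_value(bad, p, q))
```

The membership check is deterministic in its rejection: since q does not divide the cofactor N, any z = h^q other than 1 has an order dividing N but not equal to q, so (y * z)^q = z^q != 1 and the tampered value fails. The exponentiation with the q-sized exponent costs roughly q_bits/p_bits of the full-size one, which is the speed-up the message refers to.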