Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
Martin Thomson <martin.thomson@gmail.com> Tue, 04 November 2014 21:37 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55FCC1A0012 for <tls@ietfa.amsl.com>; Tue, 4 Nov 2014 13:37:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WvPkJDfA9G3H for <tls@ietfa.amsl.com>; Tue, 4 Nov 2014 13:37:57 -0800 (PST)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 853F41A0019 for <tls@ietf.org>; Tue, 4 Nov 2014 13:37:57 -0800 (PST)
Received: by mail-la0-f47.google.com with SMTP id gd6so1652562lab.20 for <tls@ietf.org>; Tue, 04 Nov 2014 13:37:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=aiYNtZdnOEm7+QXG4L66+acGlVhZrSqwL1aPC2keuGU=; b=u1TOKW/1Y3+x4qdbK4Mo9QgaZRYLCllP0kOySArI3a6BbIdLPJdR/OBGPRqNvs7amG LNA6iFxtIgC+uPQs7h0SUdEYCZqE4rTYOHl94KkSYndZeA267z39XRonLKyUR93HRrWU llAAcEVyOMcDo7SrlkJSw3Fn+A28mnYNVkllWpvGgbvqvTr8ZaeDY7pMiQ7L10SjZwMh wm+iyANeqrVWxembbOWOdQY8G6w6ibD5OeEsWATL0QqMvux16Xyhp73MV2vii5/SRj6h yhLIBX9xQPKdWLbQsXWpDLydaOXN2HHCA+FKImD+1GAX92BAzzG5T3QtyXjRZliGTG4r 74WA==
MIME-Version: 1.0
X-Received: by 10.112.54.229 with SMTP id m5mr62422426lbp.11.1415137075768; Tue, 04 Nov 2014 13:37:55 -0800 (PST)
Received: by 10.25.215.134 with HTTP; Tue, 4 Nov 2014 13:37:55 -0800 (PST)
In-Reply-To: <1752530545.4492650.1415129075696.JavaMail.zimbra@redhat.com>
References: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com> <C42FF6DC-0C84-4519-861D-E70DFA80D446@vpnc.org> <1752530545.4492650.1415129075696.JavaMail.zimbra@redhat.com>
Date: Tue, 04 Nov 2014 13:37:55 -0800
Message-ID: <CABkgnnW0cU26AkwVAm=DdMUkGx8cgOQF8G_R+uFOQA5fXGhqag@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/I4zMPLiq0edoV5TveXzJ63eMrN4
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 21:37:59 -0000
On 4 November 2014 11:24, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote: > That's not a good argument. If in 4 years the 2048-bit certificates > are broken, we can simply reissue stronger ones with no damage to past > sessions. If the 2048-bit DH can be broken, all the past sessions could > be read. I'm actually not a big fan of the argument from alignment: A strong ephemeral exchange protects session confidentiality from some future break or brute forcing (if that's even feasible), outside of the window where an active attack (impersonation or hijacking) based on a break might be possible. If keys are properly ephemeral, an attacker only has while the session is active (or resumptions of the session). A strong authentication key protects a session from MitM attacks at the time of session creation. Authentication keys also have an applicability window, which is limited by the expiration of the associated certificate (plus the relevant clock skew under the NTP-style attacks). There's an argument to be had for stronger ephemeral keys on this basis. In the end, I don't care particularly. I'd like to know if anyone making arguments for either side feels so strongly that they would strongly object to either. If we're just assembling preferences, then it's hard to see a way we can reach consensus on whether number A is better than number B. p.s., Clearly 2^521-1 is the best number. It's not even clear that there is any point arguing about the minor placings.
- [TLS] STRAW POLL: Size of the Minimum FF DHE group Sean Turner
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Martin Thomson
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Peter Gutmann
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Yoav Nir
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Manuel Pégourié-Gonnard
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Paul Hoffman
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Nikos Mavrogiannopoulos
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Stephen Checkoway
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Daniel Kahn Gillmor
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Nikos Mavrogiannopoulos
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Andrey Jivsov
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Martin Thomson
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Viktor Dukhovni
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Watson Ladd
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Russ Housley
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Hanno Böck
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Michael Sweet
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Manuel Pégourié-Gonnard
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Michael Sweet
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Manuel Pégourié-Gonnard
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Hubert Kario
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Daniel Kahn Gillmor
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Rene Struik
- [TLS] closing - Re: STRAW POLL: Size of the Minim… Sean Turner