Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt

Patrick Pelletier <code@funwithsoftware.org> Mon, 09 September 2013 01:39 UTC

Return-Path: <code@funwithsoftware.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2AC421F99B7 for <tls@ietfa.amsl.com>; Sun, 8 Sep 2013 18:39:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.357
X-Spam-Level:
X-Spam-Status: No, score=-2.357 tagged_above=-999 required=5 tests=[AWL=0.242, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Zp8R6MYmcVO for <tls@ietfa.amsl.com>; Sun, 8 Sep 2013 18:39:10 -0700 (PDT)
Received: from asbnvacz-mailrelay01.megapath.net (asbnvacz-mailrelay01.megapath.net [207.145.128.243]) by ietfa.amsl.com (Postfix) with ESMTP id 7C5A621F8517 for <tls@ietf.org>; Sun, 8 Sep 2013 18:39:10 -0700 (PDT)
Received: from mail8.sea5.speakeasy.net (mail8.sea5.speakeasy.net [69.17.117.53]) by asbnvacz-mailrelay01.megapath.net (Postfix) with ESMTP id 9A8241EE4FB8 for <tls@ietf.org>; Sun, 8 Sep 2013 21:39:08 -0400 (EDT)
Received: (qmail 503 invoked from network); 9 Sep 2013 01:39:08 -0000
Received: by simscan 1.4.0 ppid: 24876, pid: 17595, t: 1.7054s scanners: clamav: 0.88.2/m:52/d:13495 spam: 3.0.4
Received: from dsl017-096-185.lax1.dsl.speakeasy.net (HELO PatrickMBP.local) (ppelleti@[69.17.96.185]) (envelope-sender <code@funwithsoftware.org>) by mail8.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <tls@ietf.org>; 9 Sep 2013 01:39:06 -0000
Message-ID: <522D26B8.80107@funwithsoftware.org>
Date: Sun, 08 Sep 2013 18:39:04 -0700
From: Patrick Pelletier <code@funwithsoftware.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20121026 Thunderbird/16.0.2
MIME-Version: 1.0
To: tls@ietf.org, perpass@ietf.org
References: <20130907224638.32356.96972.idtracker@ietfa.amsl.com> <522C3497.9020301@gmail.com>
In-Reply-To: <522C3497.9020301@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 01:39:15 -0000

One thing which I feel is missing is recommendations on the size of 
Diffie-Hellman parameters.  It seems generally accepted that 1024-bit 
Diffie-Hellman is no longer secure, and yet that's what most folks are 
still using.  How about something along the lines of "Diffie-Hellman 
parameters of at least 2048 bits SHOULD be chosen"?

--Patrick


On 9/8/13 1:25 AM, Yaron Sheffer wrote:
> This is an early version of my proposal for a BCP-like document, to
> inform the industry on what can be done with existing implementations,
> while TLS 1.3 is still not ready.
>
> I would appreciate your comments of course. Specifically,
> I would like to fill in the Implementation Status table (Sec. 5) and
> would be glad to receive solid information (dates, planned dates,
> version numbers) from implementers.
>
> Thanks,
>      Yaron
>
> -------- Original Message --------
> Subject: New Version Notification for draft-sheffer-tls-bcp-00.txt
> Date: Sat, 07 Sep 2013 15:46:38 -0700
> From: internet-drafts@ietf.org
> To: Yaron Sheffer <yaronf.ietf@gmail.com>
>
>
> A new version of I-D, draft-sheffer-tls-bcp-00.txt
> has been successfully submitted by Yaron Sheffer and posted to the
> IETF repository.
>
> Filename:     draft-sheffer-tls-bcp
> Revision:     00
> Title:         Recommendations for Secure Use of TLS and DTLS
> Creation date:     2013-09-08
> Group:         Individual Submission
> Number of pages: 8
> URL: http://www.ietf.org/internet-drafts/draft-sheffer-tls-bcp-00.txt
> Status:          http://datatracker.ietf.org/doc/draft-sheffer-tls-bcp
> Htmlized:        http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
>
>
> Abstract:
>     Over the last few years there have been several serious attacks on
>     TLS, including attacks on its most commonly used ciphers and modes of
>     operation.  This document offers recommendations on securely using
>     the TLS and DTLS protocols, given existing standards and
>     implementations.
>
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat