[TLS] Fwd: OPS-DIR review of draft-ietf-tls-rfc4492bis-14

Yoav Nir <ynir.ietf@gmail.com> Thu, 09 March 2017 07:46 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 08440128E18 for <tls@ietfa.amsl.com>; Wed, 8 Mar 2017 23:46:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id D4YwbGCHezYM for <tls@ietfa.amsl.com>; Wed, 8 Mar 2017 23:46:42 -0800 (PST)
Received: from mail-wr0-x22a.google.com (mail-wr0-x22a.google.com [IPv6:2a00:1450:400c:c0c::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A27A11204D9 for <tls@ietf.org>; Wed, 8 Mar 2017 23:46:41 -0800 (PST)
Received: by mail-wr0-x22a.google.com with SMTP id l37so39038813wrc.1 for <tls@ietf.org>; Wed, 08 Mar 2017 23:46:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:date:references:cc:to:message-id; bh=/mwn2UjE+gDKoaaV6jSfRg4LnCV9XwWRT3VEg4b5INs=; b=G3Ory0ncOm8aNIyHvmdNy+nE4zMr8jHkyvlrBPPsZd/c6iLBP1kyY+duGnlbjtXtfN GzvtH1R+ST3rAo6vI3rmAd36MxsQDBFLv/AqdnYjRzmOM8F4eLf6fR6/+PQShSIm1w+W dItEPd/DuGYZLiEwDlsiFV7qgZfjdsmP1hkA4WVF5tN8xsGfPxyMU/TBwXkgXCGVPxnR AQ2s8F+vMadj3HCrgz0//cRLNUMM6URfe1ZlIYlHzRYvU+yIC+PW/9vYbtQGtwfXEvK9 uteluO+E2RiE3StTIe8Ugxs2yFkRZs99xR5TeAY3E9f5DcYtNRCoT3dhqcCRCbIXEm7z vvhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:cc:to :message-id; bh=/mwn2UjE+gDKoaaV6jSfRg4LnCV9XwWRT3VEg4b5INs=; b=Vlu72+T7ieCVKovc/JyMDVZ45aVYswU3DHnKJk1Y3Ajcr6cltuck9oCkvZUQarh47W n3fN+MU1PYNzfqkc1/aEX3SBFXkJyMQw7H3GlNMORytc3xwCkqT/JufqTT8IXOMsARso edqSexI3GsoQ/MYeVV80WBYNAR3OEVV8bXdHTtirNf26bMAG60OIzGrAcCaVGwL97C+J 2xrT8k9XU8kj0h+T4hEpaRqpOnNjFI5Xed3QyO0pJYatAiEmEEUMCvWEBe7IbbuUKA6e Ibf2QyR8V/8bDqLHT+0rhqsyksLuzGRN3kzIGuA5QXLneGN8Ynq7R90DWcLXdRAedYVc OMpQ==
X-Gm-Message-State: AMke39mmMTHPuuqKTmBD2OS+P9hYyMFC9e+Zx23DkSpyFMbpSlZK+HNT7/Q/DHML7doZsQ==
X-Received: by with SMTP id 29mr8927793wrx.33.1489045599957; Wed, 08 Mar 2017 23:46:39 -0800 (PST)
Received: from [] (dyn32-131.checkpoint.com. []) by smtp.gmail.com with ESMTPSA id x1sm7098267wrd.63.2017. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 Mar 2017 23:46:39 -0800 (PST)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_56674AF9-AE30-4DD9-BB79-27BD12DFC342"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Thu, 9 Mar 2017 09:46:35 +0200
References: <BF1E729E-EE7F-43C9-99EE-E9AEDE583254@gmail.com>
To: "tls@ietf.org list" <tls@ietf.org>
Message-Id: <82B83730-04EC-4BED-BB9E-4A8C56B52948@gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/K6XieUkC0ZOVHsQWoAkZb6PDxQY>
Cc: Bert Wijnen <bwietf@bwijnen.net>
Subject: [TLS] Fwd: OPS-DIR review of draft-ietf-tls-rfc4492bis-14
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2017 07:46:44 -0000

Also forwarding to TLS

I have created https://github.com/tlswg/rfc4492bis/pull/34 <https://github.com/tlswg/rfc4492bis/pull/34>

I’ll merge this if there are no objections just before the submission cut-off and submit a new version.


> Begin forwarded message:
> From: Yoav Nir <ynir.ietf@gmail.com>
> Subject: Re: OPS-DIR review of draft-ietf-tls-rfc4492bis-14
> Date: 9 March 2017 at 8:34:13 GMT+2
> To: "Bert Wijnen (IETF)" <bwietf@bwijnen.net>
> Cc: draft-ietf-tls-rfc4492bis.all@ietf.org, "ops-dir@ietf.org" <ops-dir@ietf.org>
> Hi, Bert.
> Thanks for the review.  See below
> On 8 Mar 2017, at 20:14, Bert Wijnen (IETF) <bwietf@bwijnen.net <mailto:bwietf@bwijnen.net>> wrote:
>> I did the OPS Directorate review for draft-ietf-tls-rfc4492bis-14
>> Summary:ready for publication
>> As far as I can tell, this document describes a number of ecc
>> cipher suites that can be used by TLS servers and clients. It describes
>> the interaction btween the client and server for the various cipher
>> suites used.
>> So for all I can tell, this has no operational or network management
>> impacts on the internet.
>> NITS:
>> - abstract states:
>>   protocol.  In particular, it specifies the use of Ephemeral Elliptic
>>   Curve Diffie-Hellman (ECDHE)....
>>  I would have expected the acronym to be EECDH ???
> Well, yes. But this was the initialism used in the original RFC 4492 in 2006, and now it’s used everywhere including in ciphersuite names and in codebases everywhere.
> Nor was this invented for 4492. Finite field Ephemeral Diffie-Hellman has been referred to as DHE at least as far back as the TLS 1.0 RFC (RFC 2246) from 1999. Probably earlier.
>>  in fact the text in section 2:
>>    All of them use Ephemeral ECDH (ECDHE)....
>>   makes me think that indeed EECDH is a much better acronym or abbreviation
>>  But you can ignore this, it is probably just my preference how I would
>>  abbreviate.
> I agree. But the term is used in codebases everywhere. We’re probably as stuck with it as we are with the referer field: https://tools.ietf.org/html/rfc7231#section-5.5.2 <https://tools.ietf.org/html/rfc7231#section-5.5.2>
> Another issue that came up in the discussion is in section 2.3: ECDH_anon uses an ephemeral EC key, so it should have been ECDHE_anon.  This also follows the naming of the anonymous finite-field diffie hellman in 2246: DH_anon.  We decided not to change that.
>> - Introdiuction states:
>> o the use of the Elliptic Curve Diffie-Hellman key agreement scheme with ephemeral keys to establish the TLS premaster secret, and o the use of ECDSA certificates for authentication of TLS peers.
>> Why do you use the full text (not acronym) in the first bullet and only an acronym in the 2nd bullet? Bert
> Good point. Since these are expanded in the abstract, I guess I can just use the initialism in there.  But I definitely should mention EdDSA in the second bullet.
> Yoav