Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
Alyssa Rowan <akr@akr.io> Fri, 24 October 2014 21:05 UTC
Return-Path: <akr@akr.io>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E8A71A6FE5 for <tls@ietfa.amsl.com>; Fri, 24 Oct 2014 14:05:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.302
X-Spam-Level:
X-Spam-Status: No, score=-1.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_72=0.6, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2t8ztjk21iMu for <tls@ietfa.amsl.com>; Fri, 24 Oct 2014 14:05:35 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 684C31A6FEB for <tls@ietf.org>; Fri, 24 Oct 2014 14:05:34 -0700 (PDT)
Message-ID: <544ABF21.6030005@akr.io>
Date: Fri, 24 Oct 2014 22:05:37 +0100
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C739B9D77B4@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C739B9D77B4@uxcn10-5.UoA.auckland.ac.nz>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/L_eY_FBD6EailybGrYS38a1LBRo
Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 21:05:37 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 24/10/2014 15:55, Peter Gutmann wrote: > Re-doing the crypto to implement and support ECC may happen in five > to ten years, if there's enough code space in the flash. So, you want to use 768-bit groups… for five to ten years… yeah, I'm not too comfortable with that. >> No, it's blessing them even to list them. People will probably >> implement what we specify. > So put in a note saying that use isn't recommended. …or, you could not put it in. Intentionally specifying something new, in a security-oriented RFC, that by the way you absolutely shouldn't use because it's insecure, seems a bit reckless to me. > ("it works, don't touch it any more"). I think we really ought to be getting rid of skeletons in the closet, not adding new ones - despite Hallowe'en being next week, and that phrase being appropriately spine-chilling! ;) (BTW: Lost, embedded devices; too small to use a 2048-bit group for… some reason? RAM?; yet negotiate (768|1024|1536) DHE… …wild guess here: RSA key signing this exchange is totally minty-fresh? …and actually checked? With something that isn't MD5? And the DHE keys aren't generated with 2 bits of entropy and a potato because the $2.50 intern lunch budget didn't cover an RNG? <g>) >> 768 and 1024 are crackable today by any reasonably well-funded >> adversary with access to a chip fab, as you well know; > ... who probably won't be using that capability to attack a power > meter, or a flow monitor …or a centrifuge? ¬_¬ SCADA security - or lack thereof - is a very big problem. I don't agree that specifying groups for future use that we _know_ are too small, helps do anything but make it worse. - -- /akr -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUSr8hAAoJEOyEjtkWi2t6m38QAL2EZ53g3OJXyJiJyEfnDzx2 4SXY+MXL00ybwdzg2vO4zh8tDCRRZ9omP4X8nZzRndRVCMOk2gWPDa2ZZIw1unan 57ytBIsgS0X2bAW2GaJ2cs/+r6m/mQQy4bAjajhcEMmols1++48LtT0or+rucjpd H0DFoNtVcpCqlM6mnLyMj5tsAB3gjL04Q2i0JUUA4KlKaK9uyyobLT3P+RluHjyP DwU1OEjuacvdmmpliBSPROlGcG0nMU5nhHGJnCpE7yg6nlI2JXjUnJgtUdEyL8M3 O593w6CKN4kJ4HbPNo8vqQlpm/mUstfhSJ4pWiy8+EbxBFTICqZ9+l8ZsegDurJE SrDAStQfDqpEW2kAe04cqL+yjfp8fB+akhwZXJkic5TBB+eRAPu1XHvHQkYRM69f JPDCvLex0iwpM0LXU0dbpHtsuLvCnJzMcCdJYRSiN3Vs1FFcJMGI1gl6poCxIMMd ieWfp8u/RfUkQKMPxMJgGIMWVdqED6xHqEFxF3tSW9noh603Oyz7ABP7K1Sm7wJ3 0X8YEKnycw8jHI0pAPCIKsREZ1s1o8AyhAZfxqoPG7tQIAO8of29W7fGD4II/bRT 7/wKsmUGGtQxGcnUPOAZvnzEg3zb6LEkVzUIcPCCjQlHOe6BVh/xaO0tjl1F/zQq LitFwIoGpTwZEXhToa2x =D0Ak -----END PGP SIGNATURE-----
- [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dh… internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Alyssa Rowan
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Manuel Pégourié-Gonnard
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Geoffrey Keating
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Alyssa Rowan
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Stephen Checkoway
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Watson Ladd
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Watson Ladd
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Hubert Kario