Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt

[Alyssa Rowan <akr@akr.io>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 24/10/2014 15:55, Peter Gutmann wrote:

> Re-doing the crypto to implement and support ECC may happen in five
>  to ten years, if there's enough code space in the flash.

So, you want to use 768-bit groups… for five to ten years… yeah, I'm
not too comfortable with that.

>> No, it's blessing them even to list them. People will probably 
>> implement what we specify.
> So put in a note saying that use isn't recommended.

…or, you could not put it in.

Intentionally specifying something new, in a security-oriented RFC,
that by the way you absolutely shouldn't use because it's insecure,
seems a bit reckless to me.

> ("it works, don't touch it any more").

I think we really ought to be getting rid of skeletons in the closet,
not adding new ones - despite Hallowe'en being next week, and that
phrase being appropriately spine-chilling! ;)

(BTW: Lost, embedded devices; too small to use a 2048-bit group for…
some reason? RAM?; yet negotiate (768|1024|1536) DHE…

…wild guess here: RSA key signing this exchange is totally
minty-fresh? …and actually checked? With something that isn't MD5? And
the DHE keys aren't generated with 2 bits of entropy and a potato
because the $2.50 intern lunch budget didn't cover an RNG? <g>)

>> 768 and 1024 are crackable today by any reasonably well-funded 
>> adversary with access to a chip fab, as you well know;
> ... who probably won't be using that capability to attack a power 
> meter, or a flow monitor

…or a centrifuge? ¬_¬

SCADA security - or lack thereof - is a very big problem. I don't
agree that specifying groups for future use that we _know_ are too
small, helps do anything but make it worse.

- -- 
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUSr8hAAoJEOyEjtkWi2t6m38QAL2EZ53g3OJXyJiJyEfnDzx2
4SXY+MXL00ybwdzg2vO4zh8tDCRRZ9omP4X8nZzRndRVCMOk2gWPDa2ZZIw1unan
57ytBIsgS0X2bAW2GaJ2cs/+r6m/mQQy4bAjajhcEMmols1++48LtT0or+rucjpd
H0DFoNtVcpCqlM6mnLyMj5tsAB3gjL04Q2i0JUUA4KlKaK9uyyobLT3P+RluHjyP
DwU1OEjuacvdmmpliBSPROlGcG0nMU5nhHGJnCpE7yg6nlI2JXjUnJgtUdEyL8M3
O593w6CKN4kJ4HbPNo8vqQlpm/mUstfhSJ4pWiy8+EbxBFTICqZ9+l8ZsegDurJE
SrDAStQfDqpEW2kAe04cqL+yjfp8fB+akhwZXJkic5TBB+eRAPu1XHvHQkYRM69f
JPDCvLex0iwpM0LXU0dbpHtsuLvCnJzMcCdJYRSiN3Vs1FFcJMGI1gl6poCxIMMd
ieWfp8u/RfUkQKMPxMJgGIMWVdqED6xHqEFxF3tSW9noh603Oyz7ABP7K1Sm7wJ3
0X8YEKnycw8jHI0pAPCIKsREZ1s1o8AyhAZfxqoPG7tQIAO8of29W7fGD4II/bRT
7/wKsmUGGtQxGcnUPOAZvnzEg3zb6LEkVzUIcPCCjQlHOe6BVh/xaO0tjl1F/zQq
LitFwIoGpTwZEXhToa2x
=D0Ak
-----END PGP SIGNATURE-----