IETF Logo Mail Archive

Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

Yoav Nir <ynir.ietf@gmail.com> Mon, 12 October 2015 14:31 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D7971B3337 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 07:31:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id br-vCnzu3gFx for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 07:31:16 -0700 (PDT)
Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 465FB1B335E for <TLS@ietf.org>; Mon, 12 Oct 2015 07:31:16 -0700 (PDT)
Received: by wicge5 with SMTP id ge5so20205540wic.0 for <TLS@ietf.org>; Mon, 12 Oct 2015 07:31:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Ug4S8qDXqfu4vLxsInfGwAAFlQYgQ7yu9Aw2k4lKTT4=; b=0zCnRlCILPiHXVhQBM0vAotM3D7pbhWB6kr4mnEJQUrYEQ2Xc7fiG46EGBzTPeqV3Y /rrLec+Je82lMutwcIwbgHDLbcpLDtQZctCk3XgNxrAJKeIKaxTwjqvLcgbIRIv3Uo+0 yF+I+SnF281ScVDEyMMHnBxoaYIoQcd6wJwD4PpW5idwTfKkzVDWn4CQ6UZLnDgZYcqJ Q1qbtZbupjopi2/QKjhiHDrVNrHza/IjFnER/O8cLqEI9YKW5xKuLL7lv1thaNkBaL8k +QzJwKoaCb1pnMVWfZQi15pPMKzA1BXW4dHJNpM7qhgzxMiMQEFGNitVgkoyTUsSACbh Zf/Q==
X-Received: by 10.180.186.74 with SMTP id fi10mr13916889wic.61.1444660274592; Mon, 12 Oct 2015 07:31:14 -0700 (PDT)
Received: from [172.24.251.11] (dyn32-131.checkpoint.com. [194.29.32.131]) by smtp.gmail.com with ESMTPSA id kr10sm20182142wjc.25.2015.10.12.07.31.13 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 12 Oct 2015 07:31:13 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <9BB2A2C5-005B-4F2C-9CAB-EA23F07FE0D5@sn3rd.com>
Date: Mon, 12 Oct 2015 17:31:12 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <2B982337-1B4C-4703-A910-7F4D9F319003@gmail.com>
References: <D2414396.3D932%john.mattsson@ericsson.com> <9BB2A2C5-005B-4F2C-9CAB-EA23F07FE0D5@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LbS8wj6Z4sQ3t8CLPmPKOWfFtjI>
Cc: "TLS@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 14:31:18 -0000

True, but that is about key length for AES specifically, not security in general.  The Suite-B recommendations also have the AES key at 256 bits for the higher level but it’s paired with SHA-384.

Yoav

> On Oct 12, 2015, at 4:18 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> It is interesting to note that in discussing update IPSec’s RFC 4307 somebody suggested making 192 a MAY because folks only use 128/256 [1].
> 
> spt
> 
> [1] http://mailarchive.ietf.org/arch/msg/ipsec/1F5h4j-dP5dLPCCAqg4iqgjjYFE
> 
> On Oct 12, 2015, at 05:01, John Mattsson <john.mattsson@ericsson.com> wrote:
> 
>> I think the selection of MTI Cipher Suites (Section 8.1 of draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended ECC curve for the “SHOULD” cipher suites. Little benefit of using AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement ECC curve giving at least 192-bit security? E.g.
>> 
>> "These cipher suites SHOULD support both digital signatures and key exchange with secp384r1 (NIST P-384)."
>> 
>> Cheers,
>> John
>> 
>> <13DEFB94-F735-49B0-8196-BDB5C9017A32[3].png>
>> 
>> JOHN MATTSSON
>> MSc Engineering Physics, MSc Business Administration and Economics
>> Ericsson IETF Security Coordinator 
>> Senior Researcher, Security
>> 
>> Ericsson AB
>> Ericsson Research
>> Färögatan 6
>> SE-164 80 Stockholm, Sweden
>> Phone +46 10 71 43 501
>> SMS/MMS +46 76 11 53 501
>> john.mattsson@ericsson.com
>> www.ericsson.com
>> 
>> 
>> <D377E800-0A1A-43D3-AF5E-165F697789B5[3].png>
>> 
>> This Communication is Confidential. We only send and receive email on the basis of the terms set out atwww.ericsson.com/email_disclaimer
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email