Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 29 March 2014 01:33 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D882E1A0755 for <tls@ietfa.amsl.com>; Fri, 28 Mar 2014 18:33:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sMMybQq547yE for <tls@ietfa.amsl.com>; Fri, 28 Mar 2014 18:33:42 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id CFF641A040F for <tls@ietf.org>; Fri, 28 Mar 2014 18:33:42 -0700 (PDT)
Received: from [192.168.13.159] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 9A177F984; Fri, 28 Mar 2014 21:33:39 -0400 (EDT)
Message-ID: <533622F3.2090406@fifthhorseman.net>
Date: Fri, 28 Mar 2014 21:33:39 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0
MIME-Version: 1.0
To: Hanno Böck <hanno@hboeck.de>, tls@ietf.org
References: <AD51D38F-2CFE-4277-854D-C0E56292A336@cisco.com> <20140326211219.27D281AC7D@ld9781.wdf.sap.corp> <20140327095527.5335c7fa@hboeck.de>
In-Reply-To: <20140327095527.5335c7fa@hboeck.de>
X-Enigmail-Version: 1.6+git0.20140323
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="e9VCccSRitrtswUCU3aupKQ1xH2EsRKGS"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/LzxmcBSbgKrz0KQMbiQGThI2Pn0
Subject: Re: [TLS] Confirming Consensus on removing RSA key Transport from TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Mar 2014 01:33:44 -0000
On 03/27/2014 04:55 AM, Hanno Böck wrote: > Appart from the other issues, I think it would make a lot of sense to > change DHE handling in TLS 1.3 away from "server can have arbitrary > parameters". I agree with this. > The authors of the triple handshake attack have proposed having a set > of "known good" parameters and I think this is the way to go for TLS > 1.3 and DHE. It's probably enough to say "we define a 2048 and a 4096 > DH parameter set with tested and known primes" and allow the option to > easily define more if there ever is a need to say "we need 8192 bit DHE > now". I've submitted an initial stab at a proposal for negotiated discrete log diffie-hellman ciphersuites: http://tools.ietf.org/html/draft-gillmor-tls-negotiated-dl-dhe-00 Please send criticism and suggestions. I've selected the primes using roughly the same idea as RFC 3526, but rather than using pi as the "nothing up my sleeve" number, i've used zero (another well-known infinite sequence). If people see problems with this or think we should select the named groups in a different way, i'm happy to hear other proposals. regards, --dkg
- [TLS] Confirming Consensus on removing RSA key Tr… Joseph Salowey (jsalowey)
- [TLS] On axing DHE (was: Re: Confirming Consensus… Rene Struik
- Re: [TLS] Confirming Consensus on removing RSA ke… Trevor Perrin
- Re: [TLS] Confirming Consensus on removing RSA ke… Martin Rex
- Re: [TLS] Confirming Consensus on removing RSA ke… Watson Ladd
- Re: [TLS] Confirming Consensus on removing RSA ke… Santosh Chokhani
- Re: [TLS] Confirming Consensus on removing RSA ke… Martin Rex
- Re: [TLS] Confirming Consensus on removing RSA ke… Hanno Böck
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Jack Lloyd
- Re: [TLS] Confirming Consensus on removing RSA ke… Alyssa Rowan
- Re: [TLS] Confirming Consensus on removing RSA ke… Paul Bakker
- Re: [TLS] Confirming Consensus on removing RSA ke… Alyssa Rowan
- Re: [TLS] Confirming Consensus on removing RSA ke… Hanno Böck
- Re: [TLS] Confirming Consensus on removing RSA ke… Johannes Merkle
- Re: [TLS] Confirming Consensus on removing RSA ke… Paul Bakker
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Salz, Rich
- Re: [TLS] Confirming Consensus on removing RSA ke… Watson Ladd
- Re: [TLS] Confirming Consensus on removing RSA ke… Salz, Rich
- Re: [TLS] Confirming Consensus on removing RSA ke… Andy Lutomirski
- Re: [TLS] Confirming Consensus on removing RSA ke… Marsh Ray
- Re: [TLS] Confirming Consensus on removing RSA ke… Daniel Kahn Gillmor
- Re: [TLS] Confirming Consensus on removing RSA ke… Daniel Kahn Gillmor
- [TLS] Negotiated Discrete Log DHE revision [was: … Daniel Kahn Gillmor
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Michael D'Errico
- Re: [TLS] Negotiated Discrete Log DHE revision Michael D'Errico
- Re: [TLS] Negotiated Discrete Log DHE revision Henrick Hellström
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Daniel Kahn Gillmor
- Re: [TLS] Negotiated Discrete Log DHE revision Daniel Kahn Gillmor
- Re: [TLS] Negotiated Discrete Log DHE revision Samuel Neves
- Re: [TLS] Negotiated Discrete Log DHE revision Watson Ladd
- Re: [TLS] Negotiated Discrete Log DHE revision Samuel Neves
- Re: [TLS] Negotiated Discrete Log DHE revision Liz meeks
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Fedor Brunner
- Re: [TLS] Negotiated Discrete Log DHE revision [w… Fedor Brunner
- Re: [TLS] Confirming Consensus on removing RSA ke… Joseph Salowey (jsalowey)
- Re: [TLS] Confirming Consensus on removing RSA ke… Martin Rex
- Re: [TLS] Confirming Consensus on removing RSA ke… Eric Rescorla
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Kurt Roeckx
- Re: [TLS] Confirming Consensus on removing RSA ke… Daniel Kahn Gillmor
- Re: [TLS] Confirming Consensus on removing RSA ke… Eric Rescorla
- Re: [TLS] Confirming Consensus on removing RSA ke… Kurt Roeckx
- Re: [TLS] Confirming Consensus on removing RSA ke… Eric Rescorla
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos
- Re: [TLS] Confirming Consensus on removing RSA ke… Viktor Dukhovni
- Re: [TLS] Confirming Consensus on removing RSA ke… Watson Ladd
- Re: [TLS] Confirming Consensus on removing RSA ke… Nikos Mavrogiannopoulos