Re: [TLS] draft-dkg-tls-reject-static-dh

R duToit <r@nerd.ninja> Wed, 05 December 2018 19:47 UTC

Return-Path: <r@nerd.ninja>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 439A2130ED7 for <tls@ietfa.amsl.com>; Wed, 5 Dec 2018 11:47:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nerd.ninja
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7aQwYJ62W6iP for <tls@ietfa.amsl.com>; Wed, 5 Dec 2018 11:47:06 -0800 (PST)
Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E778130E4C for <tls@ietf.org>; Wed, 5 Dec 2018 11:47:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544039224; cv=none; d=zoho.com; s=zohoarc; b=fiAvwLSovtj5HBOwDN2UiVl4Mdd9TtkyffV7Sqco+tLlOL/qa3rWuo9rLjVY3eF3L0xDIqGVAXglbmeIk087oGHwHRYpkndH5qt++ABQkhj4AbOVP7E+VHdJ+OW5kK1Q86i5rPiiaSoo1ZbunkdZwnCaJYLYh16NNRWFw7a+IW4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1544039224; h=Content-Type:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=kwCaYLrDzrGIck/1zt2u47TbWvsIPUd/JmtX8qk4vMo=; b=X1xWyTzAfYMSKZlUiUCEgMBvfYl67Um+W95NmLJvwvbnxVrMT9UdR4efsTx7GDkueU78vaUJULFRnZJ9HIDfC74DOZTWYjL4jF9TcwIp9VU2JGCnlpSfZRua0QA3uAT4jIv3uhmpEdIqAiMPyV7S+yr/qIhLBC3nHIXHhcV7ibQ=
ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=nerd.ninja; spf=pass smtp.mailfrom=r@nerd.ninja; dmarc=pass header.from=<r@nerd.ninja> header.from=<r@nerd.ninja>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1544039224; s=zoho; d=nerd.ninja; i=r@nerd.ninja; h=Date:From:To:Message-Id:In-Reply-To:References:Subject:MIME-Version:Content-Type; l=4405; bh=kwCaYLrDzrGIck/1zt2u47TbWvsIPUd/JmtX8qk4vMo=; b=tZkNfwE7ZAMtuGPU1yll1RDLL2PJtG6e3ZyiTscLhWyeSh1CVWXO1yAJ+ghmyKfa Uz38hP907an/54OSsqydR+9o2VdiHqqbGcar1mYeogH8WfSRyiDQ0YebRX15fW2UCOT zeM4p/QPCyznTnURnKZoDDVRcLlOB+F5t7IZ2RLQ=
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1544039223857936.9978287011887; Wed, 5 Dec 2018 11:47:03 -0800 (PST)
Date: Wed, 05 Dec 2018 14:47:03 -0500
From: R duToit <r@nerd.ninja>
To: "IETF TLS WG" <tls@ietf.org>
Message-Id: <1677fe8d22f.1122a5066314965.3351079353052065811@nerd.ninja>
In-Reply-To: <9D8FEAB5-B06F-42B8-9C3C-B3E8CC4BAEF9@dukhovni.org>
References: <9a9be8fb-9667-0c6a-9fac-cc167f94599f@cs.tcd.ie> <1677fd00312.126588f7d311133.5876875696654149093@nerd.ninja> <9D8FEAB5-B06F-42B8-9C3C-B3E8CC4BAEF9@dukhovni.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_1012344_34858589.1544039223855"
X-Priority: Medium
User-Agent: Zoho Mail
X-Mailer: Zoho Mail
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/M7v03zyYhrhRmZ0ewkuj5kApwdA>
Subject: Re: [TLS] draft-dkg-tls-reject-static-dh
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 19:47:08 -0000

1. Perhaps the kind folks at Qualsys ssllabs.com have some recent stats for us, given that they track DH reuse under "Protocol Details" when you run their https://www.ssllabs.com/ssltest/analyze.html tool. 2. The DoS (prevention) engineers should also weigh in on this.  Would servers not start reusing TLS 1.3 keyshare values when under DoS attack? --Roelof ---- On Wed, 05 Dec 2018 14:34:44 -0500 Viktor Dukhovni <ietf-dane@dukhovni.org> wrote ---- > On Dec 5, 2018, at 2:19 PM, R duToit <r@nerd.ninja> wrote: > > Quote: "As we will discuss later, we empirically find that at least 7.2% of HTTPS domains in the Alexa Top Million reuse DHE values and 15.5% reuse ECDHE values." That survey is now dated. Library defaults matter, and it used to be the case in OpenSSL that it was all to easy to re-use (EC)DHE keys. This is no longer the case, and if that survey were repeated today, servers not running unpatched EOL code would not re-use (EC)DHE keys. I rather expect the amount of re-use is much lower now, and will be essentially zero in the next couple of years (as most of the remaining outdated software is replaced). Some Internet metrics can change in just a few years. --     Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls