Re: [TLS] draft-green-tls-static-dh-in-tls13-01

Dave Garrett <davemgarrett@gmail.com> Sat, 08 July 2017 22:11 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72618126E64 for <tls@ietfa.amsl.com>; Sat, 8 Jul 2017 15:11:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5nNeXNQm7X7 for <tls@ietfa.amsl.com>; Sat, 8 Jul 2017 15:11:44 -0700 (PDT)
Received: from mail-qt0-x234.google.com (mail-qt0-x234.google.com [IPv6:2607:f8b0:400d:c0d::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48A15126DC2 for <tls@ietf.org>; Sat, 8 Jul 2017 15:11:44 -0700 (PDT)
Received: by mail-qt0-x234.google.com with SMTP id b40so49994747qtb.2 for <tls@ietf.org>; Sat, 08 Jul 2017 15:11:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-transfer-encoding:message-id; bh=+CGb0T81EoZEy0ykvXPAhEygP/30uwuxpqaL0Hh8sSw=; b=KqHsCKvMTfmX7Xf0yw4nqeoCZqnL/AHAMV0gR4KeZuB8K+6LVP0eqdKwWnbio1lkp/ aa8PBviGDCYRSphbUJoGH+jwklZec7lkVkKrlhkRQpGuREISpQ4/nDrXcWdZ0tvseli2 oxTqmI5e41XEFfQKRBUmoH5DDNOpzyhh0KuILA71n6kSd/LMd/6mnCrR2G2gxX5Nyup4 +2k/2zTten9FRBwQ5QygM4l1/mt9AOnP3R3iQyxy/jWMaO3jB87nLEQx20cc+12wcnGJ m6xcVRuc0QR7oLk20k2+L4OFrm90hO9ZjtZ8meVFOdgbxd1c6pzUTmIDRa9BPM1kvtiw +omA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:user-agent:references :in-reply-to:mime-version:content-transfer-encoding:message-id; bh=+CGb0T81EoZEy0ykvXPAhEygP/30uwuxpqaL0Hh8sSw=; b=RD7YEzRKkcg8aG5nvvFwnrKRMDgG8dnKYouRMeQCM3iLxP56UQHyBP+8S3Zu9tflyF 00lxotbMzmsL/iUnGzEzHiSMIgzMK9+gYt+gIgfC3JcdFV6aHBmrQZjN3t5YksNWiE3E WWerAk7n46WcL9fFwilKXtgYy4OkZcj1/DhuqmaaVpbSFWoiLrobcGC7oWNlzpDNSKqx q19gqq7MGYaKTqHlPNMYDKMN7q4ek9RtAVYhy4xZIFTYqP/vHMtn/MZkiic3NwJK41+v 1QXB0xFlYB6XjiUgNoJoMTjFAJJQKiXVWVvvWKUXqtoSnbQWXwGItx/0W400nrDaMVDW 6xbw==
X-Gm-Message-State: AIVw113rdpmvsdFZdtX1v4/LttmTeB/lzvR+tKBxVQphk5TRy+QXsVkv kU3p/xYic+Mms1V4
X-Received: by 10.237.48.174 with SMTP id 43mr44492015qtf.201.1499551903314; Sat, 08 Jul 2017 15:11:43 -0700 (PDT)
Received: from dave-laptop.localnet (pool-71-175-70-41.phlapa.fios.verizon.net. [71.175.70.41]) by smtp.gmail.com with ESMTPSA id q40sm5882831qtf.42.2017.07.08.15.11.42 (version=TLS1 cipher=AES128-SHA bits=128/128); Sat, 08 Jul 2017 15:11:42 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org, Matthew Green <matthewdgreen@gmail.com>
Date: Sat, 08 Jul 2017 18:11:41 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com>
In-Reply-To: <CAPCANN-xgf3auqy+pFfL6VO5GpEsCCHYkROAwiB1u=8a4yj+Fg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-6"
Content-Transfer-Encoding: 7bit
Message-Id: <201707081811.41908.davemgarrett@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/M8kZr-nTHZe8nAmhEl1W4BzGQzk>
Subject: Re: [TLS] draft-green-tls-static-dh-in-tls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 22:11:46 -0000

On Friday, July 07, 2017 03:02:43 am Matthew Green wrote:
> https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01

This document uses the terms:
"Ephemeral (EC)DHE" & "Static (EC)DHE"

The 'E' stands for ephemeral. Regardless of the technical, security, political, logistical, ethical, and whatever merits of this document, could you please make the terminology not hurt my brain? The former is the standard ATM machine silliness, and the later is contradictory and only vaguely viable by fiat of explicitly writing out the silliness:

https://tools.ietf.org/html/draft-green-tls-static-dh-in-tls13-01#section-1.1
>   This document introduces the term "static (elliptic curve) Diffie-
>   Hellman ephemeral", generally written as "static (EC)DHE", to refer
>   to long-lived finite field or elliptic curve Diffie-Hellman keys or
>   key pairs that will be used with the TLS 1.3 ephemeral ciphersuites
>   to negotiate traffic keys for multiple TLS sessions.
>
>   For clarity, this document also introduces the term "ephemeral
>   (elliptic curve) Diffie-Hellman ephemeral", generally written as
>   "ephemeral (EC)DHE", to denote finite field or elliptic curve Diffie-
>   Hellman keys or key pairs that will be used with the TLS 1.3
>   ephemeral ciphersuites to negotiate traffic keys for a single TLS
>   sessions.

It should be simply:
"Ephemeral (EC)DH" & "Static (EC)DH"

Or just:
"(EC)DHE" & "Static (EC)DH"
(or even "(EC)DHS" if you want to use a similar scheme for both)

My argument is that you've got to be able to come up with better terminology than "ephemeral (elliptic curve) Diffie-Hellman ephemeral". Using the same word twice in the same term with slightly different implications is... messy and confusing.


Dave


PS
Response on the merits of the spec to follow in another post.