[TLS] Short Ephermal Diffie-Hellman keys
"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Mon, 14 May 2007 07:42 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HnVCe-0008QL-NT; Mon, 14 May 2007 03:42:44 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HnVCc-0008QF-Lu for tls@lists.ietf.org; Mon, 14 May 2007 03:42:42 -0400
Received: from sam.opera.com ([213.236.208.81]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HnVCb-0002yj-7U for tls@lists.ietf.org; Mon, 14 May 2007 03:42:42 -0400
Received: from nimisha.oslo.opera.com (pat-tdc.opera.com [213.236.208.22]) (authenticated bits=0) by sam.opera.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l4E7gY2Z011175 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) for <tls@lists.ietf.org>; Mon, 14 May 2007 07:42:39 GMT
Date: Mon, 14 May 2007 09:41:59 +0200
To: tls@lists.ietf.org
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Organization: Opera Software AS
Content-Type: text/plain; format="flowed"; delsp="yes"; charset="iso-8859-15"
MIME-Version: 1.0
Message-ID: <op.tsa3n9ttqrq7tp@nimisha.oslo.opera.com>
User-Agent: Opera Mail/9.20 (Win32)
X-Virus-Scanned: ClamAV 0.90.1/3242/Mon May 14 04:57:51 2007 on sam.opera.com
X-Virus-Status: Clean
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by sam.opera.com id l4E7gY2Z011175
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Subject: [TLS] Short Ephermal Diffie-Hellman keys
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Hello all, I have recently started to see an increasing number of reports about SSL/TLS servers using short Ephermal Diffie-Hellman keys, in some cases very short ones. Opera's SSL/TLS client will display warnings to users if the server is using RSA/DH/DSA keys shorter than (currently) 900 bits. All keys used in the chain, including the CA certificates are included in this evaluation, as well as the ephermal key, if the server selects a cipher with an ephermal key. The short DHE keys I have seen have usually been 512 bits, but I have seen servers sending keys as short as 256 bits. I have seen these keys on both normal webservers and mail servers, but I have an impression that there are more reports about the mail servers. I think it might be an idea for TLS specification to include recommendations about how such keys should be selected. My preference for such a recommendation is that the ephermal key should be as long, or as strong, as the key used to sign the ephermal key. I don't think the specification should mention specific keylengths, because what is secure is likely to change over time. Comments? As far as Opera is concerned, I am considering a few options, including automatically disabling the ephermal ciphersuites or re-sorting the cipher suite list toplace them last, and renegotiate the connection. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ******************************************************************** _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Short Ephermal Diffie-Hellman keys Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Short Ephermal Diffie-Hellman keys Mike
- Re: [TLS] Short Ephermal Diffie-Hellman keys Nelson B Bolyard
- Re: [TLS] Short Ephermal Diffie-Hellman keys Yngve N. Pettersen (Developer Opera Software ASA)
- RE: [TLS] Short Ephermal Diffie-Hellman keys Pasi.Eronen
- Re: [TLS] Short Ephermal Diffie-Hellman keys Dr Stephen Henson
- [TLS] Re: Short Ephermal Diffie-Hellman keys Simon Josefsson
- Re: [TLS] Short Ephermal Diffie-Hellman keys Bodo Moeller
- Re: [TLS] Short Ephermal Diffie-Hellman keys jimmy
- Re: [TLS] Short Ephermal Diffie-Hellman keys Bodo Moeller
- RE: [TLS] Re: Short Ephermal Diffie-Hellman keys Pasi.Eronen
- Re: [TLS] Short Ephermal Diffie-Hellman keys Dr Stephen Henson
- [TLS] Re: Short Ephermal Diffie-Hellman keys Simon Josefsson
- Re: [TLS] Short Ephermal Diffie-Hellman keys Nelson B Bolyard
- Re: [TLS] Short Ephermal Diffie-Hellman keys Bodo Moeller
- Re: [TLS] Short Ephermal Diffie-Hellman keys Russ Housley
- Re: [TLS] Short Ephermal Diffie-Hellman keys Bodo Moeller
- Re: [TLS] Short Ephermal Diffie-Hellman keys Peter Gutmann
- [TLS] RE: Short Ephermal Diffie-Hellman keys Pasi.Eronen
- Re: [TLS] Short Ephermal Diffie-Hellman keys Eric Rescorla
- Re: [TLS] Short Ephermal Diffie-Hellman keys Bodo Moeller
- Re: [TLS] Short Ephermal Diffie-Hellman keys Russ Housley
- Re: [TLS] Short Ephermal Diffie-Hellman keys Bodo Moeller
- Re: [TLS] Short Ephermal Diffie-Hellman keys Russ Housley
- Re: [TLS] Short Ephermal Diffie-Hellman keys Peter Gutmann