Re: [TLS] ECDH_anon
Nikos Mavrogiannopoulos <nmav@redhat.com> Wed, 27 January 2016 08:13 UTC

On Wed, 2016-01-27 at 14:51 +1100, Martin Thomson wrote:
> 4472bis has a TBD regarding a missing "E" in the name of ECDHE_anon
> cipher suites.
>
> I raised an issue: https://github.com/tlswg/rfc4492bis/issues/17

My understanding of DH_anon and ECDH_anon is that they were made to be
used with static keys so even though anonymous one could verify that he
connected to the same server by checking the server's keys. I don't
believe anyone actually implemented that mode (I'm mostly speculating)
and most of the anon usage is with ephemeral keys, thus this proposal
makes sense.

However if the name is changed to underline the ephemeral part, it would
be nice to document the change of the intended purpose of these
ciphersuites.

regards,
Nikos