Re: [TLS] Early code point assignment for draft-ietf-tls-curve25519-01
Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 11 January 2016 07:29 UTC
Date: Mon, 11 Jan 2016 09:28:57 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Joseph Salowey <joe@salowey.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/P1C8ndab_SI0-Bdy0dBUOczL6CY>
Cc: "tls@ietf.org" <tls@ietf.org>

On Sun, Jan 10, 2016 at 07:53:08PM -0800, Joseph Salowey wrote:
> Please respond if you have concern about early code point assignment for
> the curves listed in draft-ietf-tls-curve25519-01
> <https://tools.ietf.org/html/draft-ietf-tls-curve25519-01>.

Wasn't that document effectively merged to RFC4492bis?

Also, one contention point in recent thread has seemed how to deal
with THS. Basically, in the basic variant, there is a check (specified
as MUST) that partially mitigates THS (without EMS) to the level of
P-256 (and to level stronger than P-384 for X448). But if omitted,
THS attacks are easy (assuming no EMS).

I did look at if it would be possible to modify PMS derivation to
render it immune to THS without requiring any checks nor touching
MS derivation. The answer turned out to be negative (though some
variants, like the SHA512(A|B|DH(A,B)) one were impossible to
exploit given some reasonable-sounding extra assumptions).

-Ilari
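
The check discussed in the message above, shown as an added example that is not part of the original post or of the draft's text. It assumes the check meant is the all-zero shared-secret test that RFC 8422 (the published RFC4492bis) requires for X25519; the function names are this example's own, and the ladder follows RFC 7748.

```python
# Added example: X25519 (RFC 7748 Montgomery ladder) with the all-zero
# shared-secret check applied before the value is used as the PMS.
# Function and variable names are chosen for this example.
import hmac

P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """RFC 7748 X25519 on Python integers (illustrative, not constant time)."""
    k = int.from_bytes(scalar, "little")
    k = (k & ((1 << 255) - 8)) | (1 << 254)        # clamp the scalar
    x1 = (int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)) % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:                             # conditional swap
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def premaster_secret(private_key: bytes, peer_public: bytes) -> bytes:
    """Compute the ECDH result and abort if it is the all-zero value."""
    shared = x25519(private_key, peer_public)
    if hmac.compare_digest(shared, bytes(32)):
        raise ValueError("all-zero X25519 shared secret: abort handshake")
    return shared


if __name__ == "__main__":
    a, b = bytes(range(32)), bytes(range(32, 64))  # constructed test keys
    assert premaster_secret(a, x25519(b, BASE_POINT)) == \
        premaster_secret(b, x25519(a, BASE_POINT))
    # Without the check, a peer value of u = 0 gives the same output for any key.
    print(x25519(a, bytes(32)) == x25519(b, bytes(32)) == bytes(32))
```

The final line prints `True`: with the check omitted, the result no longer depends on either private key, which is the situation the MUST-level check exists to reject.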