Re: [TLS] Early code point assignment for draft-ietf-tls-curve25519-01

Ilari Liusvaara <ilariliusvaara@welho.com> Mon, 11 January 2016 07:29 UTC

Date: Mon, 11 Jan 2016 09:28:57 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Joseph Salowey <joe@salowey.net>
Message-ID: <20160111072857.GA12169@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAOgPGoBsRXrxMyu2LHk-Uvimg5NArdKa03xNp45aLP9SOPezyw@mail.gmail.com>
In-Reply-To: <CAOgPGoBsRXrxMyu2LHk-Uvimg5NArdKa03xNp45aLP9SOPezyw@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/P1C8ndab_SI0-Bdy0dBUOczL6CY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Early code point assignment for draft-ietf-tls-curve25519-01

On Sun, Jan 10, 2016 at 07:53:08PM -0800, Joseph Salowey wrote:
> Please respond if you have concern about early code point assignment for
> the curves listed in draft-ietf-tls-curve25519-01
> <https://tools.ietf.org/html/draft-ietf-tls-curve25519-01>.

Wasn't that document effectively merged to RFC4492bis?

Also, one contention point in the recent thread has seemed to be how to
deal with THS. Basically, in the basic variant, there is a check
(specified as MUST) that partially mitigates THS (without EMS) to the
level of P-256 (and to a level stronger than P-384 for X448). But if it
is omitted, THS attacks are easy (assuming no EMS).

I did look at whether it would be possible to modify PMS derivation to
render it immune to THS without requiring any checks or touching
MS derivation. The answer turned out to be negative (though some
variants, like the SHA512(A|B|DH(A,B)) one, were impossible to
exploit given some reasonable-sounding extra assumptions).

-Ilari