Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
Nikos Mavrogiannopoulos <nmav@redhat.com> Sun, 26 October 2014 07:09 UTC
Return-Path: <nmavrogi@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 887C61A6FE2 for <tls@ietfa.amsl.com>; Sun, 26 Oct 2014 00:09:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qMedMhQ80Ww5 for <tls@ietfa.amsl.com>; Sun, 26 Oct 2014 00:09:35 -0700 (PDT)
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A0FE1A6FD7 for <tls@ietf.org>; Sun, 26 Oct 2014 00:09:35 -0700 (PDT)
Received: from zmail22.collab.prod.int.phx2.redhat.com (zmail22.collab.prod.int.phx2.redhat.com [10.5.83.26]) by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id s9Q79Xpm023830; Sun, 26 Oct 2014 03:09:34 -0400
Date: Sun, 26 Oct 2014 03:09:33 -0400
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: henrick@streamsec.se
Message-ID: <1749574094.84536.1414307373087.JavaMail.zimbra@redhat.com>
In-Reply-To: <544C1BC3.5060204@streamsec.se>
References: <20141011044948.27553.93984.idtracker@ietfa.amsl.com> <5438B82B.6090600@fifthhorseman.net> <544BD3BF.9030702@streamsec.se> <1682594903.63043.1414266713793.JavaMail.zimbra@redhat.com> <544C1BC3.5060204@streamsec.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.5.82.6]
X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF29 (Linux)/8.0.6_GA_5922)
Thread-Topic: I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
Thread-Index: ziswt5GOEhOrL6X3rltmMDEqe3CvWg==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/PFqK4n0pqxM23_sWWKiVtbaAGtE
Cc: tls@ietf.org
Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Oct 2014 07:09:37 -0000
----- Original Message ----- > On 2014-10-25 21:51, Nikos Mavrogiannopoulos wrote: > >> It seems to me the the recommended Client Behavior and Server Behavior > >> has to be simplified and strengthened, in order for the standard to meet > >> the security objectives. > > > > Could you elaborate on which security objectives are you referring to? > > Second paragraph of section 6.3 Arbitrary groups: > > > Note that in several known attacks against TLS and SSL > > [SECURE-RESUMPTION] [CROSS-PROTOCOL] [SSL3-ANALYSIS], a malicious > > server uses a deliberately broken FFDHE group to impersonate the > > client to a different server." > > > > What is the advantage of that proposal? It is more complex, and a security > > protocol should strive for simplicity. > > In my view, the current draft leads to a lot more complex > implementations, compared to my proposal. Ok, I now understand your point. You suggest using the extension but then keeping the exact same server key exchange message. That was the initial approach of the draft if I remember well. To be honest I don't see that to be a lot more complex, and the complexity on the same level as supporting ECDH with named groups and arbitrary groups, which was deemed reasonable for ECDH. Consistency (with ECDH) is also another reason to keep the code paths separated. Note also, that the current approach will simplify a lot an implementation that doesn't want to keep the old DHE key exchange with arbitrary groups (and unlike the other key exchanges in TLS, DHE was the most problematic compatibility-wise so I guess many small implementations would be more than happy to drop it). regards, Nikos
- [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dh… internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Alyssa Rowan
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Manuel Pégourié-Gonnard
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Geoffrey Keating
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Alyssa Rowan
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Stephen Checkoway
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Watson Ladd
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Watson Ladd
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Hubert Kario