IETF Logo Mail Archive

Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis

Sean Turner <turners@ieca.com> Sat, 15 November 2014 22:13 UTC

Return-Path: <turners@ieca.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F261E1A8890 for <tls@ietfa.amsl.com>; Sat, 15 Nov 2014 14:13:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BarYZ_yaOBkU for <tls@ietfa.amsl.com>; Sat, 15 Nov 2014 14:13:10 -0800 (PST)
Received: from gateway02.websitewelcome.com (gateway02.websitewelcome.com [69.41.242.20]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D4061A032D for <tls@ietf.org>; Sat, 15 Nov 2014 14:13:10 -0800 (PST)
Received: by gateway02.websitewelcome.com (Postfix, from userid 5007) id DA08C6F6879E6; Sat, 15 Nov 2014 16:13:09 -0600 (CST)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway02.websitewelcome.com (Postfix) with ESMTP id BED786F6879C0 for <tls@ietf.org>; Sat, 15 Nov 2014 16:13:09 -0600 (CST)
Received: from [198.180.150.142] (port=51102 helo=v142.vpn.iad.rg.net) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1Xplae-0006SX-TN; Sat, 15 Nov 2014 16:13:09 -0600
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Sean Turner <turners@ieca.com>
In-Reply-To: <13DDAE38-237C-4130-A9D9-26B3B67851B2@gmail.com>
Date: Sat, 15 Nov 2014 12:13:06 -1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <407A316F-DC9B-47BC-8329-FE14CB3CADA6@ieca.com>
References: <AA93BAA4-5C5F-4969-8DF6-A83287D80F6D@ieca.com> <1415696437.1938.6.camel@dhcp-2-127.brq.redhat.com> <13DDAE38-237C-4130-A9D9-26B3B67851B2@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 198.180.150.142
X-Exim-ID: 1Xplae-0006SX-TN
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (v142.vpn.iad.rg.net) [198.180.150.142]:51102
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 6
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/QccXcTuT9etbOZq6ogC6XLXHP8Q
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Nov 2014 22:13:12 -0000

On Nov 10, 2014, at 23:58, Yoav Nir <ynir.ietf@gmail.com> wrote:

>> 
>> On Nov 10, 2014, at 11:00 PM, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
>> 
>> On Mon, 2014-11-10 at 17:17 -1000, Sean Turner wrote:
>>> All,
>>> 
>>> This message is confirming the WG consensus we reached in Toronto about producing an updated RFC4492 that is bound for standard track.* Yoav has produced an individual draft that can be found here:
>>> 
>>> http://datatracker.ietf.org/doc/draft-nir-tls-rfc4492bis/
>>> 
>>> that we would like the WG to consider adopting.  Please let us know by November 18th whether you object to adopting Yoav’s draft (and why).
>> 
>> Two points:
>> 1. This document includes fixed ECDH ciphersuites (ECDH_RSA,
>> ECDH_ECDSA). Given they have 0 deployment on the internet, the question
>> is why? What are the practical use cases of these ciphersuites and why
>> should they be defined in a standards track document.
>> 
>> 2. This document includes arbitrary curve support. What is the rationale
>> for including that as no implementations support that [0], and even for
>> DH we are switching from arbitrary to named groups as well (I also
>> ignore the known attacks for this option).
>> 
>> Unless there is sufficient argumentation and applicability for the
>> above, I support the document only with the above removed.
> 
> Hi, Nikos
> 
> The current draft is pretty much a copy of RFC 4492. The intent is to match whatever decision the WG will make for TLS 1.3.
> 
> So the changes that you suggest will be made after the document is adopted (either in the -00 or -01 version, whichever way the chairs prefer it). 
> 
> Following Sunday’s interim, we’re also likely to remove all the defined curves weaker than P-256 (or maybe P-224 to match the strength of 3DES, although I’m not in favor)
> 
> We are also likely to deprecate point format negotiation. We won’t remove it for TLS 1.2, just mandate non-compressed format for existing curves)
> 
> And when CFRG recommends a new curve, we will add it to this one.
> 
> So this document is in no way in its final form.
> 
> The question before the working group now is whether we want such a document that obsolete 4492 and aligns EC for TLS 1.2 with what we want for 1.3, or if we don’t.
> 
> Hope this clarifies the situation
> 
> Yoav

The idea is that the -00 version is pretty much 4492 so that every change we make will be easily tracked in the diffs.

spt (as chair)

v2.23.0 | Report a Bug | By Email