Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 24 October 2014 14:55 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 621691A19FB for <tls@ietfa.amsl.com>; Fri, 24 Oct 2014 07:55:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V725zfIb2cn1 for <tls@ietfa.amsl.com>; Fri, 24 Oct 2014 07:55:14 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D0931A19F5 for <tls@ietf.org>; Fri, 24 Oct 2014 07:55:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1414162514; x=1445698514; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=x3uVshf8hqhFGnS7R/7XnDECsn9lP35/DXARIdTpKk4=; b=AING0CzuhelpDwvCsxWgLcRmabXHC0mWLRUzXpnc3nLbGNQ+BKEBNYRa QcHq5Zadex64iC2kmWEICe9LFnv2Qefvi/inKT51F7SFn6qWAF+F5WtUz T04dhch7KV7DJtXxbALidFlKl+tubZobhSgtEGmYY85r+jbEc2rgvEEDS o=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="285575133"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 25 Oct 2014 03:55:12 +1300
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.15]) by uxchange10-fe2.UoA.auckland.ac.nz ([169.254.27.86]) with mapi id 14.03.0174.001; Sat, 25 Oct 2014 03:55:11 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
Thread-Index: Ac/vmoJJUv7rjslASuKMt2weVdQL5w==
Date: Fri, 24 Oct 2014 14:55:10 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9D77B4@uxcn10-5.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/RYhFSzkg_5s7aS4G8r3Y9UPT7u4
Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 14:55:21 -0000
Alyssa Rowan <akr@akr.io> writes: >>Shorter groups are still required for embedded devices. > >With respect, no, they aren't. 256-bit ECDHE is --> that way. Don't use 1024- >bit DHE; use 256-bit ECDHE. More security, more speed, less size; ... and the need to implement an entirely new type of crypto on a constrained device with a ten-year product cycle for which the crypto development budget, now that it's already been deployed for several years, is $2.50. Revving the firmware on new products to support a new TLS extension for EDH indication will probably happen at some point. Re-doing the crypto to implement and support ECC may happen in five to ten years, if there's enough code space in the flash. >No, it's blessing them even to list them. People will probably implement what >we specify. So put in a note saying that use isn't recommended. This isn't a bunch of Windows PCs with automatic update turned on, its unknown millions of embedded devices whose firmware is updated when the device falls apart and gets replaced, and for which you may get away with a small tweak from time to time but can't do any significant re-engineering once it's type-approved ("it works, don't touch it any more"). >Technology marches on, I'm afraid; key sizes need to march on too. 768 and >1024 are crackable today by any reasonably well-funded adversary with access >to a chip fab, as you well know; ... who probably won't be using that capability to attack a power meter, or a flow monitor. This isn't protecting nuclear weapons launch facilities, it's for remote monitoring of fluid flows, or power metering, or a million other SCADA applications that merely need better-than-nothing security. Being able to say "only use this DH group" is an improvement on current practice in which anything is accepted. >Keep the groups to >= 2048-bit, please. So you're producing an RFC which will automatically be ignored, in fact which will *have* to be ignored, by a significant market segment, and they'll stay with their existing unverified DH. The RFC will then have completely failed to achieve what it's intended to achieve. Peter.
- [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dh… internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Alyssa Rowan
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Manuel Pégourié-Gonnard
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Geoffrey Keating
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Alyssa Rowan
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Stephen Checkoway
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Watson Ladd
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Watson Ladd
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Ilari Liusvaara
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Henrick Hellström
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Daniel Kahn Gillmor
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Viktor Dukhovni
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Peter Gutmann
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Nikos Mavrogiannopoulos
- Re: [TLS] I-D Action: draft-ietf-tls-negotiated-f… Hubert Kario