Re: [TLS] draft on new TLS key exchange

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 06 October 2011 01:46 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: dharkins@lounge.org, pgut001@cs.auckland.ac.nz
In-Reply-To: <1a5b08230d13e530b3c88f645074caf8.squirrel@www.trepanning.net>
Message-Id: <E1RBd5l-0000Hy-7O@login01.fos.auckland.ac.nz>
Date: Thu, 06 Oct 2011 14:49:45 +1300
Cc: tls@ietf.org, dhalasz@intwineenergy.com
Subject: Re: [TLS] draft on new TLS key exchange

"Dan Harkins" <dharkins@lounge.org> writes:

>  TLS-PSK: resistance to dictionary attack
>  TLS-SRP: elliptic curve support, divorcing domain parameter set from
>     the password

So it's a proposal that adds a few obscure geeky features to two existing
mechanisms that vendors have already decided not to adopt (wrongly, in my
opinion, but that doesn't change the lack of adoption).  Why would they
suddenly rush to support this one if they've ignored the other two (and a
string of earlier drafts along the same lines)?

(As a more general comment, this draft should be, if anything, an Experimental
and not a Standards-Track, given its context).

>I'm curious why you are not asking the authors of the SEED, Camellia, and
>Clefia drafts what those drafts give us that the AES ciphersuites don't
>already do.

Those three are fashion-statement RFCs whose reasons for existence have little
(if anything) to do with security.  Does that mean this draft is also a
fashion statement?

Peter.