IETF Logo Mail Archive

Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08

Geoffrey Keating <geoffk@geoffk.org> Fri, 03 April 2015 20:46 UTC

Return-Path: <geoffk@geoffk.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C13811A037D for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 13:46:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.295
X-Spam-Level: **
X-Spam-Status: No, score=2.295 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id chSxUi_ui5kb for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 13:46:26 -0700 (PDT)
Received: from dragaera.releasedominatrix.com (unknown [198.0.208.83]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 438421A037B for <tls@ietf.org>; Fri, 3 Apr 2015 13:46:26 -0700 (PDT)
Received: by dragaera.releasedominatrix.com (Postfix, from userid 501) id 6908533D29F; Fri, 3 Apr 2015 20:46:25 +0000 (UTC)
Sender: geoffk@localhost.localdomain
To: mrex@sap.com
References: <551BBD6F.2070507@cs.tcd.ie> <20150402020517.DBBDF1B25A@ld9781.wdf.sap.corp>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: Fri, 03 Apr 2015 13:46:25 -0700
In-Reply-To: <20150402020517.DBBDF1B25A@ld9781.wdf.sap.corp>
Message-ID: <m24mox0wke.fsf@localhost.localdomain>
Lines: 23
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/UcWvK7BXZdt2Ha-RXhHQj20L60g>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 20:46:29 -0000

mrex@sap.com (Martin Rex) writes:
> >Martin Rex wrote:
> >> RFC4492 contains the following explicit prohibition (Section 4, 4th paragr.):
> >> 
> >>    https://tools.ietf.org/html/rfc4492#section-4
> >> 
> >> 
> >>    The client MUST NOT include these extensions in the ClientHello
> >>    message if it does not propose any ECC cipher suites. 

> The result is, that there may easily exist server implementation of rfc4492
> which abort the TLS handshake when they receive a TLS ClientHello with
> the TLS ECC named_curve extension (and only ffdhe named curves in it)
> but no accompanying ECC cipher suites in the ClientHello cipher_suites_list,
> and that interoperability failure OUGHT to be avoided.  REALLY.

There's no way an implementation can be sure there are no ECC cipher
suites proposed unless it recognizes every proposed cipher suite, and
I understand that elsewhere we're proposing a complete redesign of the
cipher suites so there will always be cipher suites that a pre-1.3
implementation does not recognize.

Implementations could be buggy, of course---but that's always true.

v2.23.0 | Report a Bug | By Email