Re: [TLS] AD review of draft-ietf-tls-chacha20-poly1305-04
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 10 March 2016 20:18 UTC
Date: Thu, 10 Mar 2016 20:12:29 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20160310201229.GG10917@mournblade.imrryr.org>
References: <56E1CE06.3020705@cs.tcd.ie>
In-Reply-To: <56E1CE06.3020705@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/UcyrfFnf4GcgB4WYhHlyjbXVIz4>

On Thu, Mar 10, 2016 at 07:41:58PM +0000, Stephen Farrell wrote:

> My question is: Should the WG take the opportunity to more
> tightly define the key exchange parameters for these
> ciphersuites?
>
> For example, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 could
> REQUIRE RSA keys with >=2048 bit moduli and one could go
> further and say that this also REQUIRES use of specific
> integer DH groups.

I think that enforcing such a requirement for just new cipher-suites
would be counterproductive.  If a server has a 1024-bit RSA certificate
or is configured with 1024-bit DH parameters, should it not offer
CHACHA20, and restrict the client to AES or 3DES which don't have
that constraint?  What does that achieve?  Or should the server go
ahead with CHACHA20 and then the client refuse?

I think it makes more sense to set such floors on a per-protocol
basis (TLS 1.3, ...) than a per-cipher-suite basis.

--
    Viktor.
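
The server-side scenario raised in the message above, as an added example that is not part of the original post: a toy model of suite selection for a server holding 1024-bit RSA and DH parameters, comparing a floor attached only to the ChaCha20 suite with a floor attached to the protocol version. The function names, the policy labels and the two non-ChaCha20 suites in the list are assumptions made for the illustration; this is not a TLS implementation.

```python
# Toy model (constructed for illustration): server-side suite selection
# under a per-cipher-suite key floor versus a per-protocol key floor.
CHACHA = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
AES = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
TDES = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

MIN_BITS = 2048  # the floor proposed in the quoted review


def negotiate(client_suites, server_suites, rsa_bits, dh_bits, policy):
    """Return (suite, rsa_bits, dh_bits), or None if the handshake fails.

    policy "none":         no floor anywhere
    policy "per_suite":    floor applies to the ChaCha20 suite only
    policy "per_protocol": floor applies to every suite of the version
    """
    weak = min(rsa_bits, dh_bits) < MIN_BITS
    if policy == "per_protocol" and weak:
        return None  # the whole handshake is refused, whatever the suite
    for suite in server_suites:  # server preference order
        if suite not in client_suites:
            continue
        if policy == "per_suite" and suite == CHACHA and weak:
            continue  # not offered; selection falls through to older suites
        return (suite, rsa_bits, dh_bits)
    return None


def compare(rsa_bits, dh_bits):
    """Outcome of the same handshake under each policy."""
    suites = [CHACHA, AES, TDES]
    return {p: negotiate(suites, suites, rsa_bits, dh_bits, p)
            for p in ("none", "per_suite", "per_protocol")}


if __name__ == "__main__":
    for policy, result in compare(1024, 1024).items():
        print(f"{policy:13} -> {result}")
```

Under the per-suite policy the model still completes the handshake with the same 1024-bit key exchange, only with a different bulk cipher; under the per-protocol policy the weak parameters fail the handshake for every suite.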