Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

Rene Struik <rstruik.ext@gmail.com> Fri, 13 August 2021 13:57 UTC

Return-Path: <rstruik.ext@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 427073A19D3 for <tls@ietfa.amsl.com>; Fri, 13 Aug 2021 06:57:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 197LY_Hrne_D for <tls@ietfa.amsl.com>; Fri, 13 Aug 2021 06:56:56 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42CEA3A19CF for <tls@ietf.org>; Fri, 13 Aug 2021 06:56:56 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id a12so8309541qtb.2 for <tls@ietf.org>; Fri, 13 Aug 2021 06:56:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:subject:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=klsPwIcN9opVLhVCan09kt+f8VIZ3YoFDmBmEClALkk=; b=lRF94RysQVS7EU1gwRXyOJZYmDCgU4155wQ/3Na0EUp49uUNp/ijB/Efs8WWg49+ZU vrGRbqn46OYYlWJ7zgpATldmByYP/B8x3JNsjrf5/pyinScvm+HX5mDkBm/kc5YpSAAj kXbCN0rBOqZyiffdJZ4SsZ7oX5prZY2tI1ysU21Q1zB0KIhIgK0OphVIVCD9B9l2CZz4 j/4Udz+A+nhqQRhC9d/V3p81xuOABVqyuRmpHgRZjXX4TzqYLWqjRTfGKe354UaIP/Nq yalLcxk6DOfgaWPHUH2Z9g4KCVk+znKVHXPaxrGlBQpf9yXV5SMZ5kLqdlbYaiSE19yz LfPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:references:from:subject:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=klsPwIcN9opVLhVCan09kt+f8VIZ3YoFDmBmEClALkk=; b=YZNcRi86f38dfjj/sjmW4cPmzjXwKhwJhnUUDngf2X84Q4ZVptCqPmG8NijyG/9Y1P eWbGBEtTZgmsRZRzhOWQ1Cs+XvgcehU+ETjBBAPHmMgfAYyKPlqtn7QmhBHdHBW5SF4i xBpclxuHJjhfa5sgbKUVKcmuAgeJ9KbEOY2gsXOwY0xJWWN62OvNRH1VhxNlYQzeYjPU NhHRdyUotDNSnyh0O+ELjQdoGdHl2CnJM0w8DKEaD3oAi4AJtKF4q273YyXOwQppwaQa XryFKj3vuk7HG0dHCM5Xtc2wGIBANOB752XnHYaki5WHreXyKlpWMEwPIl0Oxn+Yu2lK bkrw==
X-Gm-Message-State: AOAM533lvowtQXyv9dB++jVNwxj/JBXOQk/guA7vyoip1ZvgNR+dYKJn jgOK6OTqwF1kZ70z8bsj1zpZ3rDI0LeLxw==
X-Google-Smtp-Source: ABdhPJzWeM3arfU2IUhezAiVt4pbIOTY3LD4o9jgE6YBPlwbZgjfLDudCQWoajQH5BM8ZcDvLX/x+w==
X-Received: by 2002:ac8:4e33:: with SMTP id d19mr2073163qtw.197.1628863014285; Fri, 13 Aug 2021 06:56:54 -0700 (PDT)
Received: from ?IPv6:2607:fea8:8a0:1397:9d6f:54d9:9abe:cd1c? ([2607:fea8:8a0:1397:9d6f:54d9:9abe:cd1c]) by smtp.gmail.com with ESMTPSA id p16sm931761qkp.108.2021.08.13.06.56.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 13 Aug 2021 06:56:53 -0700 (PDT)
To: Joseph Salowey <joe@salowey.net>, tls@ietf.org
References: <CAOgPGoC4C0bWz0h0iyzGzMPEoDKAPv4euoOkmS+6Uuxncux4Zg@mail.gmail.com>
From: Rene Struik <rstruik.ext@gmail.com>
Message-ID: <cc9c9d9f-d6b1-3b93-1231-a9a9c34a7fcd@gmail.com>
Date: Fri, 13 Aug 2021 09:56:51 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <CAOgPGoC4C0bWz0h0iyzGzMPEoDKAPv4euoOkmS+6Uuxncux4Zg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A68013A54F9D317FF3240041"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VGNwcstEPm6HcqkGE8lIZtNQvJI>
Subject: Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2021 13:57:01 -0000

Dear colleagues:

I think this document should absolutely *not* be adopted, without 
providing far more technical justification. The quoted Raccoon attack is 
an easy to mitigate attack (which has nothing to do with finite field 
groups, just with poor design choices of postprocessing, where one uses 
variable-size integer representations for a key). There are also good 
reasons to have key exchanges where one of the parties has a static key, 
whether ecc-based or ff-based (e.g., sni, opaque), for which secure 
implementations are known. No detail is provided and that alone should 
be sufficient reason to not adopt.

Rene

On 2021-07-29 5:50 p.m., Joseph Salowey wrote:
> This is a working group call for adoption for Deprecating FFDH(E) 
> Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00 
> <https://datatracker.ietf.org/doc/draft-bartle-tls-deprecate-ffdhe/>). 
> We had a presentation for this draft at the IETF 110 meeting and since 
> it is a similar topic to the key exchange deprecation draft the chairs 
> want to get a sense if the working group wants to adopt this draft 
> (perhaps the drafts could be merged if both move forward).  Please 
> review the draft and post your comments to the list by Friday, August 
> 13, 2021.
>
> Thanks,
>
> The TLS chairs
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867