Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
Rene Struik <rstruik.ext@gmail.com> Fri, 13 August 2021 13:57 UTC
To: Joseph Salowey <joe@salowey.net>, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VGNwcstEPm6HcqkGE8lIZtNQvJI>
Dear colleagues:

I think this document should absolutely *not* be adopted, without providing far more technical justification.

The quoted Raccoon attack is an easy to mitigate attack (which has nothing to do with finite field groups, just with poor design choices of postprocessing, where one uses variable-size integer representations for a key). There are also good reasons to have key exchanges where one of the parties has a static key, whether ecc-based or ff-based (e.g., sni, opaque), for which secure implementations are known. No detail is provided and that alone should be sufficient reason to not adopt.

Rene

On 2021-07-29 5:50 p.m., Joseph Salowey wrote:
> This is a working group call for adoption for Deprecating FFDH(E)
> Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00
> <https://datatracker.ietf.org/doc/draft-bartle-tls-deprecate-ffdhe/>).
> We had a presentation for this draft at the IETF 110 meeting and since
> it is a similar topic to the key exchange deprecation draft the chairs
> want to get a sense if the working group wants to adopt this draft
> (perhaps the drafts could be merged if both move forward). Please
> review the draft and post your comments to the list by Friday, August
> 13, 2021.
>
> Thanks,
>
> The TLS chairs
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

--
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
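
The encoding difference the message refers to, as an added example that is not part of the original message: TLS 1.2 strips leading zero bytes from the finite-field DH shared secret before key derivation (RFC 5246, section 8.1.2), while TLS 1.3 left-pads it to the length of the prime (RFC 8446, section 7.4.1). The 127-bit prime, the generator and all function names are constructed for illustration and are not a TLS group.

```python
import secrets

# Constructed toy parameters (NOT a TLS group): P is the Mersenne prime 2**127 - 1.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8   # 16 bytes


def shared_secret(priv: int, peer_pub: int) -> int:
    """Finite-field DH: Z = peer_pub ** priv mod P, rejecting trivial public values."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, P)


def encode_stripped(z: int) -> bytes:
    """Variable-size encoding: leading zero bytes are dropped (TLS 1.2 rule)."""
    return z.to_bytes(max(1, (z.bit_length() + 7) // 8), "big")


def encode_fixed(z: int) -> bytes:
    """Fixed-size encoding: left-padded with zeros to the prime length (TLS 1.3 rule)."""
    return z.to_bytes(P_LEN, "big")


def length_histogram(encode, trials: int = 4000) -> dict:
    """Count KDF-input lengths over many handshakes against one reused server key."""
    server_priv = secrets.randbelow(P - 3) + 2   # static / reused exponent
    counts = {}
    for _ in range(trials):
        client_pub = pow(G, secrets.randbelow(P - 3) + 2, P)
        n = len(encode(shared_secret(server_priv, client_pub)))
        counts[n] = counts.get(n, 0) + 1
    return counts


if __name__ == "__main__":
    # The stripped encoding yields more than one input length; the fixed one does not.
    print("stripped:", length_histogram(encode_stripped))
    print("fixed   :", length_histogram(encode_fixed))
```

For this prime the top byte of the secret is zero in roughly 1 of 128 handshakes, so the stripped encoding feeds the key derivation inputs of differing length, while the fixed-size encoding always supplies 16 bytes.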