IETF Logo Mail Archive

Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group

Nikos Mavrogiannopoulos <nmav@redhat.com> Tue, 04 November 2014 19:24 UTC

Return-Path: <nmavrogi@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C0491A6FE8 for <tls@ietfa.amsl.com>; Tue, 4 Nov 2014 11:24:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.495
X-Spam-Level:
X-Spam-Status: No, score=-7.495 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.594, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWCfXryYFGHb for <tls@ietfa.amsl.com>; Tue, 4 Nov 2014 11:24:36 -0800 (PST)
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AE561A6FD4 for <tls@ietf.org>; Tue, 4 Nov 2014 11:24:36 -0800 (PST)
Received: from zmail22.collab.prod.int.phx2.redhat.com (zmail22.collab.prod.int.phx2.redhat.com [10.5.83.26]) by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id sA4JOZEh030775; Tue, 4 Nov 2014 14:24:35 -0500
Date: Tue, 04 Nov 2014 14:24:35 -0500
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Message-ID: <1752530545.4492650.1415129075696.JavaMail.zimbra@redhat.com>
In-Reply-To: <C42FF6DC-0C84-4519-861D-E70DFA80D446@vpnc.org>
References: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com> <C42FF6DC-0C84-4519-861D-E70DFA80D446@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.5.82.12]
X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF31 (Linux)/8.0.6_GA_5922)
Thread-Topic: STRAW POLL: Size of the Minimum FF DHE group
Thread-Index: 41R42FSzwRVmlyciHLZT1aa3qsU91w==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/VL26R8bllcVzcM1_zCSqoeuWXRM
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 19:24:37 -0000

----- Original Message -----
> 2048 to match the strength of the (likely) certificates in use.

That's not a good argument. If in 4 years the 2048-bit certificates
are broken, we can simply reissue stronger ones with no damage to past
sessions. If the 2048-bit DH can be broken, all the past sessions could
be read.

The DH parameters relate more to the security of the encryption function,
rather than the certificate's.

regards,
Nikos

v2.23.0 | Report a Bug | By Email