Re: [TLS] FFDHE and SHOULDs on usage
Martin Thomson <martin.thomson@gmail.com> Wed, 15 April 2015 19:05 UTC
On 15 April 2015 at 11:22, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> - <t>A client that offers any of these values in the elliptic_curves
> - extension SHOULD ALSO include at least one FFDHE ciphersuite in
> - the Client Hello.</t>
> + <t>A client that offers a "Supported Groups" extension
> + containing an FFDHE group should also include at least one FFDHE
> + ciphersuite in the Client Hello.</t>

I apologize for not completing the

It's been a while, so I went back and re-read this little bit, prompted largely by your choice to move to a lowercase should:

   The compatible client that wants to be able to negotiate strong FFDHE SHOULD send a "Supported Groups" extension (identified by type elliptic_curves(10) in [RFC4492]) in the ClientHello, and include a list of known FFDHE groups in the extension data, ordered from most preferred to least preferred. If the client also supports and wants to offer ECDHE key exchange, it MUST use a single "Supported Groups" extension to include all supported groups (both ECDHE and FFDHE groups). The ordering SHOULD be based on client preference, but see Section 6.1 for more nuance. A client that offers any of these values in the elliptic_curves extension SHOULD ALSO include at least one FFDHE ciphersuite in the Client Hello.

This is a little over-2119-y for me. How about:

"""
A client that wants to negotiate strong FFDHE sends a ClientHello containing a cipher suite that uses DHE key exchange and a "Supported Groups" extension (identified by ...). The "Supported Groups" extension contains the FFDHE groups the client will accept. If the client also intends to accept ECDHE key exchange, the same "Supported Groups" extension is used for both FFDHE and ECDHE groups. Groups are ordered based on client preference, noting the additional ordering considerations in Section 6.1.
"""
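
Review bot: The added line "containing an FFDHE group should also include at least one FFDHE" replaces the removed "SHOULD ALSO" with a lowercase "should", so a reader can no longer tell whether the sentence is an RFC 2119 requirement or plain advice. Either keep the keyword in uppercase or rewrite the sentence as a plain statement of what the client sends in the Client Hello, so its normative level is unambiguous. The same hunk narrows the condition from "any of these values in the elliptic_curves extension" to an extension "containing an FFDHE group"; since both names appear across the old and new lines, say once near this sentence that "Supported Groups" is the elliptic_curves extension.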
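
The client behaviour discussed in this message, turned into a consistency check over an already-parsed ClientHello. This is an added example, not code from the thread or the draft; the group and cipher suite codepoints are assumptions taken from the IANA TLS registries, and the function names and sample offers are constructed for illustration.

```python
import struct

# Codepoints below are assumptions taken from the IANA TLS registries,
# not from the message: FFDHE groups 256-260, a subset of DHE_RSA suites.
FFDHE_GROUPS = {256: "ffdhe2048", 257: "ffdhe3072", 258: "ffdhe4096",
                259: "ffdhe6144", 260: "ffdhe8192"}
DHE_SUITES = {0x0033, 0x0039, 0x0067, 0x006B, 0x009E, 0x009F}
SUPPORTED_GROUPS = 10  # elliptic_curves(10) in RFC 4492


def parse_supported_groups(data: bytes) -> list:
    """Decode extension data: 2-byte list length, then 2-byte group ids."""
    if len(data) < 2:
        raise ValueError("truncated extension")
    (length,) = struct.unpack("!H", data[:2])
    if length != len(data) - 2 or length % 2:
        raise ValueError("bad group list length")
    return list(struct.unpack("!%dH" % (length // 2), data[2:]))


def check_offer(cipher_suites, extensions):
    """Return (offered FFDHE group names, findings) for a parsed ClientHello.

    cipher_suites: list of int; extensions: list of (type, data) pairs.
    """
    findings = []
    group_exts = [d for t, d in extensions if t == SUPPORTED_GROUPS]
    if len(group_exts) > 1:  # ECDHE and FFDHE groups must share one extension
        findings.append("more than one Supported Groups extension")
    groups = [g for d in group_exts for g in parse_supported_groups(d)]
    ffdhe = [FFDHE_GROUPS[g] for g in groups if g in FFDHE_GROUPS]
    has_dhe = any(s in DHE_SUITES for s in cipher_suites)
    if ffdhe and not has_dhe:
        findings.append("FFDHE groups offered without a DHE cipher suite")
    if has_dhe and not ffdhe:  # legacy DHE: the server picks the group alone
        findings.append("DHE cipher suite offered without FFDHE groups")
    return ffdhe, findings


def encode_groups(ids):
    """Build constructed extension data for the samples below."""
    return struct.pack("!H%dH" % len(ids), 2 * len(ids), *ids)


# Constructed samples: 23 is secp256r1, 0xC02F is an ECDHE_RSA suite.
GOOD = ([0xC02F, 0x009E], [(SUPPORTED_GROUPS, encode_groups([23, 256, 257]))])
NO_SUITE = ([0xC02F], [(SUPPORTED_GROUPS, encode_groups([23, 256]))])
SPLIT = ([0xC02F, 0x009E], [(SUPPORTED_GROUPS, encode_groups([23])),
                            (SUPPORTED_GROUPS, encode_groups([256]))])
```
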