Re: [TLS] Why are the brainpool curves not allowed in TLS 1.3?

"Salz, Rich" <rsalz@akamai.com> Wed, 18 July 2018 17:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Vz6RX9GkYdf_zc52J8dGoGHl_Ww>

>> This would result in an IANA registry with duplicated entries for brainpool curves: the old, now prohibited code points and the new assigned ones. Is this correct?

> No. The request could ask for the existing reserved codepoints to be re-used.

But note that the WG decision was to remove all sorts of things, including Brainpool curves, and it would probably be best to discuss bringing them back via the WG.

The TLS registries are now document-required BTW.