[TLS] changes to draft-ietf-tls-negotiated-ff-dhe-09

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 12 May 2015 21:50 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF TLS Working Group <tls@ietf.org>
Date: Tue, 12 May 2015 17:50:25 -0400
Message-ID: <873831bh3y.fsf@alice.fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WaP574mb_IwI-J8-k6opa26Wk2w>
Subject: [TLS] changes to draft-ietf-tls-negotiated-ff-dhe-09

Hi TLS folks--

As a result of ongoing feedback, i've made several more minor changes to
draft-ietf-tls-negotiated-ff-dhe, which are now visible in version 09 of
that document.

There were several minor nits addressed, but the following minor changes
are slightly more than nits:

 * the draft clarifies that the named ffdhe* groups do have a small
   subgroup, but that it is easily avoided (as opposed to custom groups,
   in which possible small subgroups are either unknown or expensive to

 * slight tuning of some of the RFC 2119 language.

 * explicitly relaxing the old requirement that the Supported Groups
   extension needed to be sent only when ECDHE ciphersuites were
   offered, which no one appears to have followed anyway

 * Added a new section describing local policy for compatible clients
   that are considering accepting custom groups from the server, with
   baseline guidance for how to protect users by at least ensuring that
   the length of the group is minimally strong (no attempt is made to
   enumerate all possible local policy or to claim there is only one
   legitimate local policy).

 * encourage bounds checking of the public share against the group
   modulus, regardless of whether a named group is used.

Thanks to all the folks who gave feedback on the draft.
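Added example, not part of the email above or of the draft it describes: a receiver-side validation routine that puts together the checks the message touches on, a local minimum modulus length before accepting a server-supplied custom group, a bounds check of the peer's public share against the group modulus, and the subgroup-membership check that avoids the small subgroup of a safe-prime group. The function names (`check_custom_group`, `check_public_share`), the `SafePrimeGroup` type and the tiny constructed group (p = 23, q = 11) are illustrative assumptions; real ffdhe groups are thousands of bits long and a real policy would set `min_modulus_bits` accordingly. The code assumes the group is a safe prime p = 2q + 1 and that the generator lies in the prime-order subgroup, which is what makes the y^q == 1 test usable; it is switchable for groups where that does not hold.

```python
"""Validating a finite-field DH group and public share (constructed example)."""

import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SafePrimeGroup:
    """A finite-field DH group whose modulus is a safe prime p = 2*q + 1."""
    name: str
    p: int
    q: int


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases (trial division first)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def check_custom_group(p: int, q: int, min_modulus_bits: int) -> tuple[bool, str]:
    """Local-policy gate before accepting a server-supplied (non-named) group.

    The minimum length is the baseline the email describes; the safe-prime
    shape check is an extra assumption of this example, so that the share
    check below can rely on a known subgroup structure.
    """
    if p.bit_length() < min_modulus_bits:
        return False, f"modulus is {p.bit_length()} bits, policy requires {min_modulus_bits}"
    if p != 2 * q + 1:
        return False, "p is not of safe-prime form 2q+1"
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return False, "p or q is not prime"
    return True, "ok"


def check_public_share(y: int, group: SafePrimeGroup,
                       require_prime_order_subgroup: bool = True) -> tuple[bool, str]:
    """Bounds check of the peer's share against the modulus, then a subgroup check."""
    # 1 < y < p-1 rejects 0, 1 and p-1; {1, p-1} is exactly the order-2
    # subgroup of a safe-prime group, so the bounds check alone avoids it.
    if not 1 < y < group.p - 1:
        return False, "public share outside the open interval (1, p-1)"
    # Any y in (1, p-1) has order q or 2q; y^q == 1 (mod p) means y is in the
    # prime-order subgroup. Honest shares from a generator in that subgroup
    # always pass; disable this for groups whose generator is not in it.
    if require_prime_order_subgroup and pow(y, group.q, group.p) != 1:
        return False, "public share not in the prime-order subgroup"
    return True, "ok"


# Constructed toy group for illustration only: p = 23 = 2*11 + 1.
TOY_GROUP = SafePrimeGroup(name="toy-23", p=23, q=11)

if __name__ == "__main__":
    print(check_custom_group(TOY_GROUP.p, TOY_GROUP.q, min_modulus_bits=5))
    for share in (0, 1, 2, 5, 22):
        print(share, check_public_share(share, TOY_GROUP))
```

With a real deployment the group check would run once per accepted custom group (named groups skip it, since their parameters are fixed) and the share check would run on every handshake, regardless of whether the group was named or custom, which is the point of the last bullet in the email.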