[TLS] changes to draft-ietf-tls-negotiated-ff-dhe-09
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 12 May 2015 21:50 UTC
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF TLS Working Group <tls@ietf.org>
Date: Tue, 12 May 2015 17:50:25 -0400
Message-ID: <873831bh3y.fsf@alice.fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WaP574mb_IwI-J8-k6opa26Wk2w>
Hi TLS folks--

As a result of ongoing feedback, i've made several more minor changes to draft-ietf-tls-negotiated-ff-dhe, which are now visible in version 09 of that document. There were several minor nits addressed, but the following minor changes are slightly more than nits:

* the draft clarifies that the named ffdhe* groups do have a small subgroup, but that it is easily avoided (as opposed to custom groups, in which possible small subgroups are either unknown or expensive to avoid).

* slight tuning of some of the RFC 2119 language.

* explicitly relaxing the old requirement that the Supported Groups extension needed to be sent only when ECDHE ciphersuites were offered, which no one appears to have followed anyway.

* Added a new section describing local policy for compatible clients that are considering accepting custom groups from the server, with baseline guidance for how to protect users by at least ensuring that the length of the group is minimally strong (no attempt is made to enumerate all possible local policy or to claim there is only one legitimate local policy).

* encourage bounds checking of the public share against the group modulus, regardless of whether a named group is used.

Thanks to all the folks who gave feedback on the draft.

Regards,

--dkg
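The checks the last two bullets describe, a minimum-length local policy for a server-supplied custom group and bounds checking of the peer's public share against the modulus, together with the subgroup-membership check that keeps the shared secret out of the order-2 subgroup of a safe-prime group, written out as an added Python example. This is not code from dkg's message or from the draft. The demonstration group is a constructed toy safe prime (1019 = 2*509 + 1), far too small for real use; the function names are this example's own, and the safe-prime and generator checks in the custom-group policy go beyond the draft's length-only baseline and are an added choice here.

```python
"""Validating a finite-field DH group and a peer's public share.

Added example, not from the draft or the mailing-list post.  All names
are this example's own.  The toy group at the bottom is constructed and
is only large enough to exercise the checks.
"""
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test with fixed witnesses."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)  # deterministic witnesses so results are reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when both p and q = (p-1)/2 are prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def custom_group_acceptable(p: int, g: int, min_bits: int = 2048):
    """Local policy for a custom (non-ffdhe) group offered by a server.

    The draft's baseline is the length check; the safe-prime and
    generator-order checks are an added, stricter policy.  Returns
    (ok, reason).
    """
    if p.bit_length() < min_bits:
        return False, "modulus too short"
    if not is_safe_prime(p):
        return False, "modulus is not a safe prime"
    q = (p - 1) // 2
    if not 2 <= g <= p - 2:
        return False, "generator out of range"
    if pow(g, q, p) != 1:
        return False, "generator not in order-q subgroup"
    return True, "ok"


def validate_peer_share(p: int, y: int):
    """Bounds check y against the modulus, then reject the order-2 subgroup.

    For a safe prime the only small subgroup is {1, p-1}; the range check
    removes both, and y^q == 1 (mod p) confirms y sits in the order-q
    subgroup.  Applies to named ffdhe groups and custom groups alike.
    """
    if not 2 <= y <= p - 2:
        return False, "share out of range [2, p-2]"
    q = (p - 1) // 2
    if pow(y, q, p) != 1:
        return False, "share not in order-q subgroup"
    return True, "ok"


def compute_shared_secret(p: int, peer_share: int, own_private: int) -> int:
    """Derive Z = y^x mod p only after the peer's share has been validated."""
    ok, reason = validate_peer_share(p, peer_share)
    if not ok:
        raise ValueError(reason)
    return pow(peer_share, own_private, p)


# Constructed toy group: 1019 = 2*509 + 1 is a safe prime; 4 is a square,
# so it generates the order-509 subgroup rather than the whole group.
TOY_P = 1019
TOY_G = 4


if __name__ == "__main__":
    a_priv, b_priv = 7, 11
    a_pub = pow(TOY_G, a_priv, TOY_P)
    b_pub = pow(TOY_G, b_priv, TOY_P)
    print("policy:", custom_group_acceptable(TOY_P, TOY_G, min_bits=10))
    print("reject 1:", validate_peer_share(TOY_P, 1))
    print("reject p-1:", validate_peer_share(TOY_P, TOY_P - 1))
    print("reject non-residue 2:", validate_peer_share(TOY_P, 2))
    print("secrets agree:",
          compute_shared_secret(TOY_P, b_pub, a_priv)
          == compute_shared_secret(TOY_P, a_pub, b_priv))
```

With `min_bits` left at its default of 2048 the toy group is refused on length alone, which is the point of the draft's baseline policy; the smaller bound is passed only so the remaining checks can be exercised on a group this size.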