[TLS] draft-ietf-tls-grease and RFC 7919

"David A. Cooper" <david.cooper@nist.gov> Thu, 07 June 2018 20:17 UTC

Return-Path: <david.cooper@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CB61130934 for <tls@ietfa.amsl.com>; Thu, 7 Jun 2018 13:17:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_zcTDwvlDHi for <tls@ietfa.amsl.com>; Thu, 7 Jun 2018 13:17:34 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov [IPv6:2610:20:6005:13::150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF07E127332 for <tls@ietf.org>; Thu, 7 Jun 2018 13:17:33 -0700 (PDT)
Received: from WSGHUB1.xchange.nist.gov (129.6.42.34) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.3.399.0; Thu, 7 Jun 2018 16:19:02 -0400
Received: from postmark.nist.gov (129.6.16.94) by mail-g.nist.gov (129.6.42.33) with Microsoft SMTP Server id 14.3.399.0; Thu, 7 Jun 2018 16:17:29 -0400
Received: from [129.6.105.183] (cooper-optiplex-9010.campus.nist.gov [129.6.105.183]) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id w57KHN8N011074 for <tls@ietf.org>; Thu, 7 Jun 2018 16:17:23 -0400
To: "tls@ietf.org" <tls@ietf.org>
From: "David A. Cooper" <david.cooper@nist.gov>
Message-ID: <7604787b-6356-f447-727f-38d376d30677@nist.gov>
Date: Thu, 7 Jun 2018 16:17:31 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-NIST-MailScanner-Information:
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WxPgBgdsl2M5uOO33A9otvKmE_g>
Subject: [TLS] draft-ietf-tls-grease and RFC 7919
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jun 2018 20:17:38 -0000

I would like to suggest that one additional value be added to the list 
of GREASE values for named groups.

Section 2 of RFC 7919 says:

    Codepoints in the "Supported Groups Registry" with a high byte of
    0x01 (that is, between 256 and 511, inclusive) are set aside for
    FFDHE groups.

Section 4 of RFC 7919 says:

    If a compatible TLS server receives a Supported Groups extension from
    a client that includes any FFDHE group (i.e., any codepoint between
    256 and 511, inclusive, even if unknown to the server), and if none
    of the client-proposed FFDHE groups are known and acceptable to the
    server, then the server MUST NOT select an FFDHE cipher suite.


So, it would be helpful in testing this requirement of RFC 7919 if there 
were one GREASE value for named groups between 261 and 507 (according to 
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8, 
these are the values in the specified range that are currently unassigned).

Thank you,

David