Re: [TLS] IANA questions (was Re: changes to draft-ietf-tls-negotiated-ff-dhe-09)

Martin Thomson <martin.thomson@gmail.com> Fri, 15 May 2015 17:43 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74C971A00C0 for <tls@ietfa.amsl.com>; Fri, 15 May 2015 10:43:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nipVLH9MITRO for <tls@ietfa.amsl.com>; Fri, 15 May 2015 10:43:16 -0700 (PDT)
Received: from mail-yk0-x22e.google.com (mail-yk0-x22e.google.com [IPv6:2607:f8b0:4002:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79BD81A00DB for <tls@ietf.org>; Fri, 15 May 2015 10:43:16 -0700 (PDT)
Received: by ykep21 with SMTP id p21so36253461yke.3 for <tls@ietf.org>; Fri, 15 May 2015 10:43:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=rMAQ1d2xk9SxNiFJO++YdeUF7QrO75zkwrGPqwhOpD8=; b=DxgJRRBSIkvK+9movy63XMsXFEWgw+T0IdCHtzLYpQZeC6Mt9EHlY0DrKgRCvBDLdq AiFBYRPLVC1wmrUaiAeq9ZknWQ6RlDU3eUdk6oJyzzITs4WJr460kCKJamuTrnKzUave /7HERKlIt/MtxpBFyHlBjA9Gs01enrUvrh488YKUgjZq98R/D9zB4ofn8MiHYKkhmvOG 5JbYdyJIycUa6/1VS6eOqlJOh1IErryajA81jAP4sVs9WDxeFjdwiT5M8YmkpmrxHpXz 2JZ/lb9jD3NIotUEs3QeZZg3TKQe0Tv+je5nzx73c0cX9mxJNM2uOc2HGNj8KlEvCJTw p7Ag==
MIME-Version: 1.0
X-Received: by 10.170.44.208 with SMTP id 199mr11943869ykm.101.1431711795881; Fri, 15 May 2015 10:43:15 -0700 (PDT)
Received: by 10.13.247.71 with HTTP; Fri, 15 May 2015 10:43:15 -0700 (PDT)
In-Reply-To: <6F8DEA05-0BC6-464E-8E6A-BF762484E039@ieca.com>
References: <873831bh3y.fsf@alice.fifthhorseman.net> <6F8DEA05-0BC6-464E-8E6A-BF762484E039@ieca.com>
Date: Fri, 15 May 2015 10:43:15 -0700
Message-ID: <CABkgnnU8FD_bAjS1uTL6OfPOxH0OJzrZEcX3HS0Xa4uCtkqusw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Sean Turner <turners@ieca.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/XXsXi_us_Bo2PpFnV4cJ1f41HA0>
Cc: IETF TLS Working Group <tls@ietf.org>
Subject: Re: [TLS] IANA questions (was Re: changes to draft-ietf-tls-negotiated-ff-dhe-09)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2015 17:43:18 -0000

These are good changes.

On 15 May 2015 at 02:43, Sean Turner <turners@ieca.com> wrote:
> During the review process, IANA regularly verifies that they understand what they’re do wrt any IANA assignments noted in the IANA considerations section.  Their questions got us to thinking about the following two points:
>
> 1. Currently the registry in which the FFDHE groups will be added is named "EC Named Curve Registry.”  Now that we’re adding DH groups into that registry it would be clearer if it were renamed “Supported Groups Registry”.  This change does not affect interoperability, it only impacts the name of the registry.  We can also get them to add a note that indicates this registry was renamed, i.e., “Renamed from EC Named Curve Registry” so folks can follow along. The registry can be found here:
> http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
>
> 2.  The “Extensions Type” registry associated with this extension is “elliptic_curves”, see value #10 in the registry, this should/could also be changed to “supported_groups”.  The registry can be found here:
> http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
>
> If you object to these changes please let us know by May 20th.
>
> spt
>
> On May 12, 2015, at 23:50, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>
>> Hi TLS folks--
>>
>> As a result of ongoing feedback, i've made several more minor changes to
>> draft-ietf-tls-negotiated-ff-dhe, which are now visible in version 09 of
>> that document.
>>
>> There were several minor nits addressed, but the following minor changes
>> are slightly more than nits:
>>
>> * the draft clarifies that the named ffdhe* groups do have a small
>>   subgroup, but that it is easily avoided (as opposed to custom groups,
>>   in which possible small subgroups are either unknown or expensive to
>>   avoid).
>>
>> * slight tuning of some of the RFC 2119 language.
>>
>> * explicitly relaxing the old requirement that the Supported Groups
>>   extension needed to be sent only when ECDHE ciphersuites were
>>   offered, which no one appears to have followed anyway
>>
>> * Added a new section describing local policy for compatible clients
>>   that are considering accepting custom groups from the server, with
>>   baseline guidance for how to protect users by at least ensuring that
>>   the length of the group is minimally strong (no attempt is made to
>>   enumerate all possible local policy or to claim there is only one
>>   legitimate local policy).
>>
>> * encourage bounds checking of the public share against the group
>>   modulus, regardless of whether a named group is used.
>>
>> Thanks to all the folks who gave feedback on the draft.
>>
>> Regards,
>>
>>        --dkg
>>
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls