IETF Logo Mail Archive

Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

John Mattsson <john.mattsson@ericsson.com> Mon, 12 October 2015 16:49 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27B5B1A88E4 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 09:49:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eKcEZ9KO-FMa for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 09:49:49 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3741C1A88EC for <TLS@ietf.org>; Mon, 12 Oct 2015 09:49:49 -0700 (PDT)
X-AuditID: c1b4fb3a-f79136d0000071e2-e7-561be4abdd96
Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 12.3F.29154.BA4EB165; Mon, 12 Oct 2015 18:49:47 +0200 (CEST)
Received: from ESESSMB307.ericsson.se ([169.254.7.184]) by ESESSHC017.ericsson.se ([153.88.183.69]) with mapi id 14.03.0248.002; Mon, 12 Oct 2015 18:49:46 +0200
From: John Mattsson <john.mattsson@ericsson.com>
To: Sean Turner <sean@sn3rd.com>
Thread-Topic: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security
Thread-Index: AQHRBMydOHy9F9/ta0KlukZnanicFp5ntdgAgABcjYA=
Date: Mon, 12 Oct 2015 16:49:46 +0000
Message-ID: <D241AF4D.3D9FD%john.mattsson@ericsson.com>
References: <D2414396.3D932%john.mattsson@ericsson.com> <9BB2A2C5-005B-4F2C-9CAB-EA23F07FE0D5@sn3rd.com>
In-Reply-To: <9BB2A2C5-005B-4F2C-9CAB-EA23F07FE0D5@sn3rd.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.4.150722
x-originating-ip: [153.88.183.20]
Content-Type: text/plain; charset="utf-8"
Content-ID: <5365B4596050AC4DBCB3A1BE7CDD73DA@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeLIzCtJLcpLzFFi42KZGfG3Rnf1E+kwg4nTBSyurGpktvh0vovR gcljyZKfTB4HDzIGMEVx2aSk5mSWpRbp2yVwZZxcVluwSbzi5fInTA2MT8S6GDk5JARMJJqv fmGDsMUkLtxbD2RzcQgJHGWUmDDxCyOEs4RRYmXrLhaQKjYBA4m5exrAOkQEFCSajj5gBbGZ BRQl9mw7yQ5iCwu4Stzq+QdV4yYxtWk2M4RtJdGyaC5YPYuAqsSrH+vAangFzCXWNR1gBLGF BLIk1mw4BBTn4OAUsJX4td4FJMwIdNz3U2uYIFaJS9x6Mp8J4mgBiSV7zjND2KISLx//YwVp FRXQk9izXBIirChxdfpyJpAws4CmxPpd+hBTrCXmzv/HAnP8lO6H7BDHCEqcnPmEZQKjxCwk y2YhdM9C0j0LSfcsJN0LGFlXMYoWpxYX56YbGemlFmUmFxfn5+nlpZZsYgRG38Etv612MB58 7niIUYCDUYmH98FtqTAh1sSy4srcQ4zSHCxK4rzNTA9ChQTSE0tSs1NTC1KL4otKc1KLDzEy cXBKNTC2nFzo9uokk2ntrDdLeKTN19QuCjvcl/CeLyLe6PqleW0HV7SWHDvcOvPVaa0O5av8 wv3f2MPMz0fsW6iscuvvvBfBsyLEnZ7d1HcXVN48Pd/YIPm3YOo0p33Sy6QMPgf8dr3kU/f/ v5OVqAC3dcZK9lWspyK/eHfV7HA+456WofE8q3fn1udKLMUZiYZazEXFiQAqXN/vnwIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Y-6lb-AW4-ydnvEzgYvp-pKVpSc>
Cc: "TLS@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 16:49:51 -0000

The statement i [1] is about AES, and is very true. AES-192 is very seldom
used, and people tend to jump directly to AES-256.

For ECC curves, the opposite is true, people tend to use P-384 instead of
P-521. Most likely because of that P-384 is used in suite B. According to
[2], Google Chrome recently dropped support of P-521.

[2] 
https://support.globalsign.com/customer/portal/articles/1995283-ecc-compati
bility



The security level of the AES_256_GCM_SHA384-algorithms is clearly no more
than 192 as SHA-384 is used.

On 12/10/15 15:18, "Sean Turner" <sean@sn3rd.com> wrote:

>It is interesting to note that in discussing update IPSec’s RFC 4307
>somebody suggested making 192 a MAY because folks only use 128/256 [1].
>
>spt
>
>[1] http://mailarchive.ietf.org/arch/msg/ipsec/1F5h4j-dP5dLPCCAqg4iqgjjYFE
>
>On Oct 12, 2015, at 05:01, John Mattsson <john.mattsson@ericsson.com>
>wrote:
>
>> I think the selection of MTI Cipher Suites (Section 8.1 of
>>draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended
>>ECC curve for the “SHOULD” cipher suites. Little benefit of using
>>AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement
>>ECC curve giving at least 192-bit security? E.g.
>> 
>> "These cipher suites SHOULD support both digital signatures and key
>>exchange with secp384r1 (NIST P-384)."
>> 
>> Cheers,
>> John
>>  
>> <13DEFB94-F735-49B0-8196-BDB5C9017A32[3].png>
>> 
>> JOHN MATTSSON
>> MSc Engineering Physics, MSc Business Administration and Economics
>> Ericsson IETF Security Coordinator
>> Senior Researcher, Security
>> 
>> Ericsson AB
>> Ericsson Research
>> Färögatan 6
>> SE-164 80 Stockholm, Sweden
>> Phone +46 10 71 43 501
>> SMS/MMS +46 76 11 53 501
>> john.mattsson@ericsson.com
>> www.ericsson.com
>> 
>> 
>> <D377E800-0A1A-43D3-AF5E-165F697789B5[3].png>
>>  
>> This Communication is Confidential. We only send and receive email on
>>the basis of the terms set out atwww.ericsson.com/email_disclaimer
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email