Re: [TLS] New Algorithm identifier for EDH > 1024 bits?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 27 September 2013 06:41 UTC

Phillip Hallam-Baker <hallam@gmail.com> writes:

>My understanding of the 1024 bit Ephemeral DH key issue is that it is not
>currently possible to use longer keys because a certain number of deployed
>Web servers will abort the connection if a client presents a longer key.
>
>Hmmm, wonder who made that decision...

Could that be because of all of the TLS_DHE_DSS_* suites, with DSS limited to
1024 bits so implementers also limited the matching DH to 1024 bits? Just
wondering what other reason there could possibly be for artificially limiting
the size to 1024 bits.

Peter.