[TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 31 March 2015 23:56 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 3DE3E1A879A for <tls@ietfa.amsl.com>; Tue, 31 Mar 2015 16:56:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 5J_N-WQlCngf for <tls@ietfa.amsl.com>; Tue, 31 Mar 2015 16:56:12 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 842FC1A877B for <tls@ietf.org>; Tue, 31 Mar 2015 16:56:12 -0700 (PDT)
Received: from localhost (localhost []) by mercury.scss.tcd.ie (Postfix) with ESMTP id 736E9BEBB; Wed, 1 Apr 2015 00:56:10 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([]) by localhost (mercury.scss.tcd.ie []) (amavisd-new, port 10024) with ESMTP id p3fj_o64bRMV; Wed, 1 Apr 2015 00:56:09 +0100 (IST)
Received: from [] (unknown []) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A2CFABE50; Wed, 1 Apr 2015 00:56:08 +0100 (IST)
Message-ID: <551B3415.5080105@cs.tcd.ie>
Date: Wed, 01 Apr 2015 00:56:05 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: "tls@ietf.org" <tls@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/YY2f_x-2OqXPdVPIRfG-OnuRAao>
Subject: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Mar 2015 23:56:15 -0000


I've done my AD review of this, and it's very good. I have
two questions I'd like to check on before starting IETF
last call. If the answers are already in the list archive,
then just pointing there is entirely fine. If not, well,
they're not such hard questions:-)

#1 Have we tested in the wild that using elliptic_curves (10)
in the ClientHello won't trigger some ECC code that causes
handshakes to barf?

#2 I've never quite gotten the reasoning behind not giving
any names to any of the RFC3526 curves and I think that
question deserves an answer (to be in the list archive).
So - why not?


PS: I also have a bunch of nitty nits, feel free to handle
those however is best.

- intro: What is "Traditional TLS"? Ye olde something or
other? :-)

- intro: "p > 1024 bits" is fine by me but better would be
to say "p is longer than 1024 bits"

- s3, 2nd para: I suggest a para break before you get to the
bit about both ECC and DHE.

- s3, 3rd para: what is the "these" in here? This reads a
bit oddly.

- 5.1: "public key" is less common than "public value" I
think, when talking about DH. FWIW, I prefer value as saying
key confuses some people into thinking this is a long term

- 5.2: 4419 has a reference to a Paul Van Oorschot paper
that justifies the security here. Did we check there are no
more recent results? (Esp ones that might invalidate the
optimisation.) Could also be good to include whatever is
today's best reference for this directly rather than just
via 4419.