Re: [TLS] FFDHE and SHOULDs on usage
Thijs van Dijk <schnabbel@inurbanus.nl> Sat, 18 April 2015 06:31 UTC
Return-Path: <schnabbel@inurbanus.nl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BC881A0027 for <tls@ietfa.amsl.com>; Fri, 17 Apr 2015 23:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.712
X-Spam-Level:
X-Spam-Status: No, score=-0.712 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYEBBs7VK3B7 for <tls@ietfa.amsl.com>; Fri, 17 Apr 2015 23:31:50 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D3811A0006 for <tls@ietf.org>; Fri, 17 Apr 2015 23:31:50 -0700 (PDT)
Received: by wiun10 with SMTP id n10so41049608wiu.1 for <tls@ietf.org>; Fri, 17 Apr 2015 23:31:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inurbanus.nl; s=google-inurb; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Kpr7cxcYN/Zjes09wDKZxfj3x5uk3bO2FGv6sm/DYU4=; b=rNc1T2gVFDk4FKhvqG5NL3zKhZKIS8A2PSc2GSE4pE80HNmuWbzkqx0fhbEPjWA6sd ZeqUcD55Fen8UTKMkTdaUXos9lbGOVdh/awSORd9rRBer7iICW85wuugqHb7AQ9FwEeI b2b73mfZzPCCFG5mqtWWT1OugfDsT81kdxIp4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Kpr7cxcYN/Zjes09wDKZxfj3x5uk3bO2FGv6sm/DYU4=; b=B8bt65BYxAYkwFrdY9IaPLWEfqCznxGjC4fM9yOn8jQWspQnWKAmslOMn1B+UnpgXX BpTI9MlSyfC/frIiUM6HB7LsvGYWiznO3EW2NCp+WUNgBElH9OzyEkG4isODIIPcV0D1 uICz/kzmVd300Hjc4YE+boQbUoyPRRPt2nftS/Tj1IZearXnwQdD/4W3YOMZ6RQ2llUP 1Vw5vVRHIcipsfA1goOyhDR4wVgLryM4R0Arq0f3O+/JK1UAubAmkAFsdl6sCsJ/VwP/ gb9gQZSMihydr5TOBlqNDnE1QfmPVjqPb/GLy4f36AUins2pDF8bVeLjnT/NQWtNpDfv ueWw==
X-Gm-Message-State: ALoCoQlHWWGeijcfSGSWK79xfpO7hSIHfY5SqYrFxYO/Tf/nOBZV+kcwmpffbU+bquu4u+/YBEtu
MIME-Version: 1.0
X-Received: by 10.180.230.226 with SMTP id tb2mr7241978wic.64.1429338709103; Fri, 17 Apr 2015 23:31:49 -0700 (PDT)
Received: by 10.28.104.138 with HTTP; Fri, 17 Apr 2015 23:31:49 -0700 (PDT)
In-Reply-To: <20150418031052.221221B2A1@ld9781.wdf.sap.corp>
References: <87fv80nnev.fsf@alice.fifthhorseman.net> <20150418031052.221221B2A1@ld9781.wdf.sap.corp>
Date: Sat, 18 Apr 2015 08:31:49 +0200
Message-ID: <CADGaDpHneH3FN6aOo8W6nCCPJ=-d+_ZbRo3RkmeyfBVuZ6u1fg@mail.gmail.com>
From: Thijs van Dijk <schnabbel@inurbanus.nl>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="001a113612bc05293a0513f9da14"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/YngPagmTygFUs8ljaYY4w9kq_5I>
Cc: tls@ietf.org
Subject: Re: [TLS] FFDHE and SHOULDs on usage
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Apr 2015 06:31:52 -0000
On 18 April 2015 at 05:10, Martin Rex <mrex@sap.com> wrote: > Could we just scrap the "based on xxx preference" nonsense entirely? > > The sender of the list sends whatever it sees fit, and the receiver > of the list has the privilege to pick what ever the receiver believes > is most appropriate from the receivers point of view. > > I never understood why (a) such a silly suggestion was made for > the ordering of cipher suites in ClientHello and (b) why any TLS server > implementaion would care for the client's ordering rather than enforcing > the server preference. If the client does not want something, it must > not offer it. If the server does not want something, it must not pick it. > I still think it's a reasonable safeguard against lazy server implementations (e.g. mine): The naive way of implementing cipher agreement is to loop through the client's suggestions and pick the first one both client and server suport. If that happens to be an EXPORT/RC4 combo you're out of luck. However if either the client or the server exhibits a preference, you're almost guaranteed to do better than both sides' worst case. Furthermore, I think that conceptually, dropping client preference would equate to making server preference a requirement. The TLS1.3 spec should reflect this in some way, so it's not very language-economic either. -Thijs
- [TLS] FFDHE and SHOULDs on usage Martin Thomson
- Re: [TLS] FFDHE and SHOULDs on usage Bodo Moeller
- Re: [TLS] FFDHE and SHOULDs on usage Martin Thomson
- Re: [TLS] FFDHE and SHOULDs on usage Daniel Kahn Gillmor
- Re: [TLS] FFDHE and SHOULDs on usage Martin Thomson
- [TLS] please review (was: Re: FFDHE and SHOULDs o… Sean Turner
- Re: [TLS] FFDHE and SHOULDs on usage Daniel Kahn Gillmor
- Re: [TLS] FFDHE and SHOULDs on usage Martin Thomson
- Re: [TLS] FFDHE and SHOULDs on usage Martin Rex
- Re: [TLS] FFDHE and SHOULDs on usage Andrey Jivsov
- Re: [TLS] FFDHE and SHOULDs on usage Thijs van Dijk
- Re: [TLS] FFDHE and SHOULDs on usage Hubert Kario