[TLS] TLS 1.3 Wish List Suggestions
Sajeev S <sajualways@gmail.com> Sat, 23 November 2013 17:28 UTC
Return-Path: <sajualways@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 501EC1AE189 for <tls@ietfa.amsl.com>; Sat, 23 Nov 2013 09:28:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jITxRKAqcQb1 for <tls@ietfa.amsl.com>; Sat, 23 Nov 2013 09:28:18 -0800 (PST)
Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com [IPv6:2607:f8b0:4003:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 52D5F1AE182 for <tls@ietf.org>; Sat, 23 Nov 2013 09:28:18 -0800 (PST)
Received: by mail-ob0-f182.google.com with SMTP id wp4so2649609obc.27 for <tls@ietf.org>; Sat, 23 Nov 2013 09:28:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=iqJ5Oc1avcFxHGXOzkgwlDaCe60wiH1HA/QF5+PyLV0=; b=b4MARFlouNjl2Rb0VOs3bBuqcpfOUVXKFj4kniW/oOOdu69sA+f0lpD8Nn/ZTYFYsS N4E8H8QEbTiHRAhqHMO6rN0bv53W1wA9FqiAg5N4mjebm4ikVVCRKE+wu86MOoYzg/sm HMPs3eZZ2HfhzEypGGLvWL0yg1RmALOHAiAu06Di/JYm3PxDiQDPI+4dA5xRWSrIVC/h yBlEEaBZYX1bSAcR40xTzFxx9talkrsq087BZ2vdbLwWOt6hMnks5TQQ2Tjz4sZ7LBjW bb8BGap5rj5l83h/SI4vXzQUUD6wfLSwlDffM27U/tGeCD8FA+NLZSksgPTAAP/b+cij MqDA==
MIME-Version: 1.0
X-Received: by 10.60.44.36 with SMTP id b4mr1193846oem.53.1385227690608; Sat, 23 Nov 2013 09:28:10 -0800 (PST)
Received: by 10.76.95.170 with HTTP; Sat, 23 Nov 2013 09:28:10 -0800 (PST)
Date: Sat, 23 Nov 2013 22:58:10 +0530
Message-ID: <CAPWOt+VMUKdEJoDKN6Px6Q355JMut7Q5UHkkr26AOq7+6v3DKg@mail.gmail.com>
From: Sajeev S <sajualways@gmail.com>
To: ekr@rtfm.com
Content-Type: multipart/alternative; boundary="001a11c301866e8eda04ebdb740c"
X-Mailman-Approved-At: Sat, 23 Nov 2013 12:16:07 -0800
Cc: tls@ietf.org
Subject: [TLS] TLS 1.3 Wish List Suggestions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Nov 2013 17:32:56 -0000
Hi Eric, My self Sajeev, I have over 7+ years of expertise in Testing SSL/TLS protocol and PKI. I read through the " https://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf" I have one suggestion for this "TLS 1.3 Wish List" Can we add an TLS Extension field when we use TLS 1.3 as protocol version, which will inform the Certificate key size bits to be used in the SSL/TLS transaction. As we move forward in the SSL/TLS security,the certificate key size bits will play an important role. Proposal-----------> 1. Client hello will have extension saying that we will use 1024/2048/4096 public key bit size certificates 2. Server hello will send an extension which will decide which key size to be used. The above key size bit extension can be used for deciding both Server certificates and client certificates. It is just an idea........need to analyse more because not only RSA/DSA certificates will be used. It also depends on which ciphersuite gets select..........if it is ECC based or DH based. we can also have the size for DH key. For EC based we already have curve and point extensions. Please let me know if it is feasible to add this functionality? Regards, Sajeev
- [TLS] TLS 1.3 Wish List Suggestions Sajeev S
- Re: [TLS] TLS 1.3 Wish List Suggestions Sajeev S
- Re: [TLS] TLS 1.3 Wish List Suggestions Eric Rescorla
- Re: [TLS] TLS 1.3 Wish List Suggestions Sajeev S
- Re: [TLS] TLS 1.3 Wish List Suggestions Quynh Dang
- Re: [TLS] TLS 1.3 Wish List Suggestions Nico Williams
- Re: [TLS] TLS 1.3 Wish List Suggestions Nico Williams
- Re: [TLS] TLS 1.3 Wish List Suggestions Peter Saint-Andre
- Re: [TLS] TLS 1.3 Wish List Suggestions Nico Williams
- Re: [TLS] TLS 1.3 Wish List Suggestions Peter Saint-Andre
- Re: [TLS] TLS 1.3 Wish List Suggestions Salz, Rich
- Re: [TLS] TLS 1.3 Wish List Suggestions Peter Saint-Andre
- Re: [TLS] TLS 1.3 Wish List Suggestions Salz, Rich
- Re: [TLS] TLS 1.3 Wish List Suggestions Peter Saint-Andre
- Re: [TLS] TLS 1.3 Wish List Suggestions Nico Williams