Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 03 April 2015 17:54 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B47F1ACE7B for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 10:54:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upEBR0Yy0Tqs for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 10:54:41 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A34001ACE77 for <tls@ietf.org>; Fri, 3 Apr 2015 10:54:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 28155BEDC; Fri, 3 Apr 2015 18:54:39 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U5TB_LcbU4lw; Fri, 3 Apr 2015 18:54:38 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.18.59]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id F2543BEC9; Fri, 3 Apr 2015 18:54:37 +0100 (IST)
Message-ID: <551ED3DD.8080409@cs.tcd.ie>
Date: Fri, 03 Apr 2015 18:54:37 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Sean Turner <turners@ieca.com>
References: <551B3415.5080105@cs.tcd.ie> <2D4BF0F9-E771-4E79-848F-11617E77A36C@ieca.com>
In-Reply-To: <2D4BF0F9-E771-4E79-848F-11617E77A36C@ieca.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Zq-IU_rimj65G6yWLoqoEjDQznc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 17:54:44 -0000
On 03/04/15 15:22, Sean Turner wrote: > On Mar 31, 2015, at 19:56, Stephen Farrell > <stephen.farrell@cs.tcd.ie> wrote: > >> #2 I've never quite gotten the reasoning behind not giving any >> names to any of the RFC3526 curves and I think that question >> deserves an answer (to be in the list archive). So - why not? > > Maybe I’m not following but are you asking that we retroactively name > the "4096-bit MODP Group”? Right, that and any others we still like. The thought is that we might get a minor security benefit if the client says that they're ok with e.g. the 2048-bit MODP group thereby causing some server to not try use a custom group or the old smaller groups. (I mean that'd be a minor benefit compared to the current situation, not compared to what the draft proposes.) It's not a major thing as the client can still just check for the RFC3626 groups but I'm not sure how likely it is that'd be done. OTOH, anyone who updates their code to handle this can just as easily adopt the new groups, and I don't think there's any particular benefit to sticking with the RFC3526 groups (e.g. there's no dedicated h/w for those I think). So if the answer is "yeah, we considered that and didn't like it because <foo>" that's fine, I just don't recall having seen it on the list. It's also fine if the answer is "we didn't think of that, but we still don't like it" btw:-) S. > > spt >
- [TLS] AD review of draft-ietf-tls-negotiated-ff-d… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Martin Thomson
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Martin Rex
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Martin Rex
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Daniel Kahn Gillmor
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Daniel Kahn Gillmor
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Daniel Kahn Gillmor
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Geoffrey Keating
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Daniel Kahn Gillmor
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Stephen Farrell
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Peter Gutmann
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Santiago Zanella
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Santiago Zanella
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Peter Gutmann
- Re: [TLS] AD review of draft-ietf-tls-negotiated-… Santiago Zanella