Re: [TLS] Why are the brainpool curves not allowed in TLS 1.3?
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 17 July 2018 17:28 UTC
Return-Path: <prvs=073670ba5c=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC8D4130EC9 for <tls@ietfa.amsl.com>; Tue, 17 Jul 2018 10:28:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pmcFvGSCbrns for <tls@ietfa.amsl.com>; Tue, 17 Jul 2018 10:28:47 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48]) by ietfa.amsl.com (Postfix) with ESMTP id 6844A130EDA for <tls@ietf.org>; Tue, 17 Jul 2018 10:28:46 -0700 (PDT)
Received: from LLE2K16-MBX01.mitll.ad.local (LLE2K16-MBX01.mitll.ad.local) by llmx2.ll.mit.edu (unknown) with ESMTP id w6HHSjA7032764; Tue, 17 Jul 2018 13:28:45 -0400
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Eric Rescorla <ekr@rtfm.com>, Johannes Merkle <johannes.merkle@secunet.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Why are the brainpool curves not allowed in TLS 1.3?
Thread-Index: AdQdyutxd5brAeCrTvCBnUE+fi65pAALHowAAAJk44AAAYQtAAACBV4AAAFTmYD//76KAA==
Date: Tue, 17 Jul 2018 17:28:44 +0000
Message-ID: <6B005B2A-148F-4459-B7B5-E4ECC063EBC3@ll.mit.edu>
References: <DE8E4C1F24911E469CC24DD4819274AA2770426C@mail-essen-01.secunet.de> <20180717155550.1a18202e@computer> <5cde94e3-416a-6773-c35c-9bb3952f5097@secunet.com> <CABcZeBNjewd4B3BcjXB8ePk7LCxR8HaiQpb+7oa9dBHYihLWMQ@mail.gmail.com> <ad0fe288-3ecc-3855-e40b-8ee161ecba74@secunet.com> <CABcZeBMTvHx06W67T5F-sM2rw9J+V9Z1s09xBTDWOmthA6MVmw@mail.gmail.com>
In-Reply-To: <CABcZeBMTvHx06W67T5F-sM2rw9J+V9Z1s09xBTDWOmthA6MVmw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.d.1.180523
x-originating-ip: [172.25.1.90]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3614678962_2182951530"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-07-17_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=980 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1806210000 definitions=main-1807170182
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_4vXir0MszJoNEvnS9x_sOjzZes>
Subject: Re: [TLS] Why are the brainpool curves not allowed in TLS 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2018 17:28:51 -0000
> We've > generally decided to limit the number of algorithms we recommend (the > Recommended) column in the registry. I have trouble seeing any situation in > which we would have these curves as Recommended. And so "at hand" really > means (1) code points assigned and (2) some small number of people who > don't follow our Recommended advice do them But the draft states Values within "obsolete_RESERVED" ranges are used in previous versions of TLS and MUST NOT be offered or negotiated by TLS 1..3 So its not merely a recommendation. Yes, what I am saying is that even if we were to remove that text it would not significantly change matters. I think “MUST NOT” is way too strong in this context, and “must” be softened.
- [TLS] Why are the brainpool curves not allowed in… Bruckert, Leonie
- Re: [TLS] Why are the brainpool curves not allowe… Ilari Liusvaara
- Re: [TLS] Why are the brainpool curves not allowe… Hanno Böck
- Re: [TLS] Why are the brainpool curves not allowe… Dan Brown
- Re: [TLS] Why are the brainpool curves not allowe… Eric Rescorla
- Re: [TLS] Why are the brainpool curves not allowe… Johannes Merkle
- Re: [TLS] Why are the brainpool curves not allowe… Tony Arcieri
- Re: [TLS] Why are the brainpool curves not allowe… Eric Rescorla
- Re: [TLS] Why are the brainpool curves not allowe… Johannes Merkle
- Re: [TLS] Why are the brainpool curves not allowe… Johannes Merkle
- Re: [TLS] Why are the brainpool curves not allowe… Eric Rescorla
- Re: [TLS] Why are the brainpool curves not allowe… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Why are the brainpool curves not allowe… Salz, Rich
- Re: [TLS] Why are the brainpool curves not allowe… Peter Gutmann
- Re: [TLS] Why are the brainpool curves not allowe… Hubert Kario
- Re: [TLS] Why are the brainpool curves not allowe… Bruckert, Leonie
- Re: [TLS] Why are the brainpool curves not allowe… Salz, Rich
- Re: [TLS] Why are the brainpool curves not allowe… Salz, Rich
- Re: [TLS] Why are the brainpool curves not allowe… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Why are the brainpool curves not allowe… Salz, Rich
- Re: [TLS] Why are the brainpool curves not allowe… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Why are the brainpool curves not allowe… Johannes Merkle
- Re: [TLS] Why are the brainpool curves not allowe… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Why are the brainpool curves not allowe… Salz, Rich
- Re: [TLS] Why are the brainpool curves not allowe… Dan Brown
- Re: [TLS] Why are the brainpool curves not allowe… Blumenthal, Uri - 0553 - MITLL