IETF Logo Mail Archive

Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 11 October 2014 04:55 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3702F1A1AAF for <tls@ietfa.amsl.com>; Fri, 10 Oct 2014 21:55:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqTgDsBLq7e7 for <tls@ietfa.amsl.com>; Fri, 10 Oct 2014 21:55:20 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 43F9D1A1AAB for <tls@ietf.org>; Fri, 10 Oct 2014 21:55:20 -0700 (PDT)
Received: from [192.168.42.103] (h-67-101-29-238.nycm.ny.dynamic.megapath.net [67.101.29.238]) by che.mayfirst.org (Postfix) with ESMTPSA id 91917F984 for <tls@ietf.org>; Sat, 11 Oct 2014 00:55:15 -0400 (EDT)
Message-ID: <5438B82B.6090600@fifthhorseman.net>
Date: Sat, 11 Oct 2014 00:55:07 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Icedove/32.0
MIME-Version: 1.0
To: tls@ietf.org
References: <20141011044948.27553.93984.idtracker@ietfa.amsl.com>
In-Reply-To: <20141011044948.27553.93984.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="EA55BGjFPXXiOR6xBaqJriubMB3Calucj"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/_f-nBjvK3SUybLuD3iTm8SWGp3M
Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Oct 2014 04:55:22 -0000

On 10/11/2014 12:49 AM, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the Transport Layer Security Working Group of the IETF.
> 
>         Title           : Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
>         Author          : Daniel Kahn Gillmor
> 	Filename        : draft-ietf-tls-negotiated-ff-dhe-02.txt
> 	Pages           : 24
> 	Date            : 2014-10-10
> 
> Abstract:
>    Traditional finite-field-based Diffie-Hellman (DH) key exchange
>    during the TLS handshake suffers from a number of security,
>    interoperability, and efficiency shortcomings.  These shortcomings
>    arise from lack of clarity about which DH group parameters TLS
>    servers should offer and clients should accept.  This document offers
>    a solution to these shortcomings for compatible peers by using a
>    section of the TLS "EC Named Curve Registry" to establish common DH
>    parameters with known structure and a mechanism for peers to
>    negotiate support for these groups.


This update pushed the proposed syntactic changes to the ff-dhe draft,
dropping the explicit extension and making reuse of the NamedCurves
registry for finite field groups as well.

I'd appreciate any comments or suggestions, and particularly review
related to the IANA considerations would be great.

The xml2rfc source for the draft can be found (among other places) on
github:

 https://github.com/dkg/tls-negotiated-ff-dhe

patches welcome,

	--dkg

v2.39.1 | Report a Bug | By Email | System Status