Re: [TLS] Deprecating Obsolete Key Exchange Methods in TLS

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 02 March 2022 17:19 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "<tls@ietf.org>" <tls@ietf.org>
CC: Carrick Bartle <cbartle@apple.com>, Nimrod Aviram <nimrod.aviram@gmail.com>
Date: Wed, 02 Mar 2022 17:18:56 +0000
Message-ID: <F631C8A5-3684-4693-B828-4CAA7820125B@ll.mit.edu>
References: <CABiKAoRZZy2Bqgf_QJOQxiyREwLscOWJ9LeqgEvam7Lz+dqyCA@mail.gmail.com>
In-Reply-To: <CABiKAoRZZy2Bqgf_QJOQxiyREwLscOWJ9LeqgEvam7Lz+dqyCA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aOsRWeaIojZVHsvb1GJKUyGxsQA>
Subject: Re: [TLS] Deprecating Obsolete Key Exchange Methods in TLS

> Following the discussions around draft-bartle-tls-deprecate-ffdh and draft-aviram-tls-deprecate-obsolete-kex, and after consulting the chairs, we have merged the two drafts into draft-aviram-tls-deprecate-obsolete-kex.
>
> The merged draft prescribes the following:
>
> RSA key exchange is a MUST NOT.

NIST PQC API is Key Encapsulation – conceptually similar to RSA key exchange.

> Non-ephemeral finite-field DH is a MUST NOT.

Overkill, and unnecessary. Should be SHOULD NOT.

> Non-ephemeral ECDH is a SHOULD NOT.

OK.

> Ephemeral finite-field DH (DHE) is a MAY, only when fully ephemeral, and only using a well-known group of size at least 2048 bits.

Overkill, though requiring sufficiently large group size is fine.

> We added greater justification for point 3 above to address concerns previously raised on the list.
>
> We'd love to hear your thoughts.
>
> best wishes,
>
> Carrick and Nimrod
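The four levels quoted in this thread (RSA key exchange MUST NOT, static finite-field DH MUST NOT, static ECDH SHOULD NOT, DHE a MAY only with a well-known group of at least 2048 bits) can be checked against what a TLS 1.2 client actually offers. The script below is an added example written for this archive page; it is not code from the draft or from its authors. It parses a ClientHello record, classifies each offered cipher suite by its key-exchange method using a subset of the IANA suite values, and treats "well-known group" as one of the RFC 7919 named ffdhe* groups advertised in supported_groups (an assumption; the draft text quoted here does not name RFC 7919). The sample ClientHellos are constructed inline, not captured. Two caveats a practitioner should keep in mind: whether DHE is "fully ephemeral" (no private-value reuse) is not visible in any single handshake, and in TLS 1.2 the group the server really uses is only seen in ServerKeyExchange, so this checks the client's offer, not the negotiated result.

```python
"""Check which key-exchange methods a TLS 1.2 ClientHello offers and map each
to the level the merged draft assigns, as quoted above. Standard library only.
Assumption: "well-known group" is read as an RFC 7919 named ffdhe* group."""
import struct

# Subset of IANA cipher-suite values, tagged with their key-exchange method.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x0031: ("TLS_DH_RSA_WITH_AES_128_CBC_SHA", "DH"),       # static FFDH
    0x00A0: ("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", "DH"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC00E: ("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "ECDH"),    # static ECDH
    0xC031: ("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "ECDH"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS13"),              # TLS 1.3: always (EC)DHE
}
# RFC 7919 named finite-field groups: supported_groups value -> modulus size in bits.
FFDHE_GROUPS = {0x0100: 2048, 0x0101: 3072, 0x0102: 4096, 0x0103: 6144, 0x0104: 8192}
VERDICT = {"RSA": "MUST NOT", "DH": "MUST NOT", "ECDH": "SHOULD NOT",
           "ECDHE": "OK", "TLS13": "OK", "UNKNOWN": "UNKNOWN"}
SUPPORTED_GROUPS_EXT = 0x000A
DHE_NO_GROUP = "MAY only with a well-known >=2048-bit group; none offered"


def parse_client_hello(record: bytes):
    """Return (cipher_suite_ids, supported_group_ids) from a TLS record carrying a ClientHello."""
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    hs = record[5:]
    if ctype != 0x16 or len(hs) != rlen or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello record")
    hlen = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hlen]
    if len(body) != hlen:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                  # legacy_version + random
    pos += 1 + body[pos]                          # session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                          # compression_methods
    groups = []
    if pos < len(body):                           # extensions are optional in TLS 1.2
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == SUPPORTED_GROUPS_EXT:
                (glen,) = struct.unpack("!H", data[:2])
                groups = [struct.unpack("!H", data[2 + i:4 + i])[0] for i in range(0, glen, 2)]
    return suites, groups


def assess(record: bytes) -> dict:
    """Map each offered suite name to the draft's verdict for its key-exchange method."""
    suites, groups = parse_client_hello(record)
    strong_ffdhe = any(FFDHE_GROUPS.get(g, 0) >= 2048 for g in groups)
    result = {}
    for sid in suites:
        name, kx = SUITES.get(sid, (f"0x{sid:04X}", "UNKNOWN"))
        if kx == "DHE":
            # Whether the server keeps the private value for one handshake only
            # is not visible on the wire; only the offered groups can be checked here.
            result[name] = "MAY" if strong_ffdhe else DHE_NO_GROUP
        else:
            result[name] = VERDICT[kx]
    return result


def build_client_hello(suites, groups) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (sample input, not a capture)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"      # version, zero random, empty session_id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"   # suites, null compression
    gl = b"".join(struct.pack("!H", g) for g in groups)
    ext_data = struct.pack("!H", len(gl)) + gl
    ext = struct.pack("!HH", SUPPORTED_GROUPS_EXT, len(ext_data)) + ext_data
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


# Constructed samples: a permissive legacy client, and a DHE-only client with no ffdhe group.
LEGACY_HELLO = build_client_hello(
    [0x002F, 0x0031, 0xC00E, 0x0033, 0xC02F, 0x1301], [0x001D, 0x0017, 0x0100])
NO_FFDHE_HELLO = build_client_hello([0x0033], [0x001D])

if __name__ == "__main__":
    for label, rec in (("legacy", LEGACY_HELLO), ("no-ffdhe", NO_FFDHE_HELLO)):
        for suite, verdict in assess(rec).items():
            print(f"{label}: {suite}: {verdict}")
```

Running the script on the two constructed hellos shows the RSA and static-DH suites flagged MUST NOT, static ECDH SHOULD NOT, and the DHE suite accepted as MAY only when ffdhe2048 (0x0100) is among the offered groups; the same DHE suite without any named FFDHE group is reported as not meeting the draft's condition. To apply it to real traffic, feed it the first record of a captured client flight (for example the bytes of a ClientHello exported from a packet capture) instead of the constructed samples.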