Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Yaron Sheffer <> Wed, 18 September 2013 20:32 UTC

Date: Wed, 18 Sep 2013 23:32:50 +0300
From: Yaron Sheffer <>
To: Michael Ströder <>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

Hi Michael,

Please see below.


On 09/18/2013 09:46 PM, Michael Ströder wrote:
> Yaron Sheffer wrote:
>> please see my mail message that started this thread, way back on Sunday :-)
> Reading this posting your main objections against MODP DH are interop issues
> of today's implementation. Right? This leads me to a more general question...
> First, I really appreciate that you write down this BCP document.
> But I wonder what the exact scope should be.
> In the abstract you say "existing standards and implementations", I guess to
> exclude approaches yet to be defined in a new standard. Agreed.
> But does that also exclude pushing implementors to slightly improve their
> software? The "deployers rather than for implementers" in the introduction
> sounds like it.

This is just my personal opinion (as long as this doc has not been 
adopted by the working group). But I think we are in violent agreement. 
I do not want to depend on any new standards, extensions etc., because 
this could take forever. I do want to be aware of existing 
implementations as a *baseline*, but definitely to help steer the 
industry in a direction that will improve the overall security of the 
Internet. So, I include a table listing existing implementations, so 
that we know what the current situation is. But I certainly am *not* 
pushing towards a least common denominator of today's implementations 
(which would be TLS 1.0, alas).
> If that's the scope you're stuck into recommending the least common
> denominator of today's implementations and implementors can take your RFC as
> excuse to stop improving their implementations.
> Also you're in the trap of choosing "widely-used" implementations for your
> "Implementation Status" section which is always questionable depending on
> personal deployments, especially since the main focus now seems to be web
> servers and browsers.

I don't understand this point. Browsers and Web servers are obviously 
important, probably the most important "customers" of this document. 
Moreover, other uses (such as Web services) are IMHO much easier to 
improve. Taking as an example the Amazon Web Services set of RESTful 
APIs, they would have a much easier time migrating the finite number of 
SDKs that access them towards more secure TLS, compared with a general 
purpose Web server like Yahoo!.

> Frankly I have no idea how to get out of this though.
> Ciao, Michael.
>> On 09/18/2013 05:21 PM, Michael Ströder wrote:
>>> On Wed, 18 Sep 2013 13:07:58 +0300 Yaron Sheffer <> wrote
>>>> There are multiple issues
>>>> with MODP DH in TLS (performance is just one of them).
>>> Could you please elaborate on this.
>>> Ciao, Michael.