Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

John Mattsson <john.mattsson@ericsson.com> Mon, 12 October 2015 09:47 UTC


From: Michał Staruch <msta@cinkciarz.pl>
Date: Monday 12 October 2015 11:34
To: John Mattsson2 <john.mattsson@ericsson.com>
Cc: "TLS@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

>We already have "SHOULD support key exchange with X25519" in this section,

Yes, but X25519 is also only providing 128-bit security (or 127.5).

>so people implementing it should have no problems with adopting X448 <https://tools.ietf.org/html/draft-irtf-cfrg-curves-10#section-6.2> to achieve ~224 bit security where it's needed (and better performance than P-384).

People will probably not have any problems adopting X448, P-384, or brainpoolP384r1. The problem is that different libraries may support different curves and start diverging. Stating SHOULD support for TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 without specifying a matching ECC curve is just half of what is needed for interoperability.

The sentence "These cipher suites SHOULD support both digital signatures and key exchange with X448." would be equally good.

On Mon, Oct 12, 2015 at 11:01 AM, John Mattsson <john.mattsson@ericsson.com> wrote:
I think the selection of MTI Cipher Suites (Section 8.1 of draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended ECC curve for the “SHOULD” cipher suites. Little benefit of using AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement ECC curve giving at least 192-bit security? E.g.

"These cipher suites SHOULD support both digital signatures and key exchange with secp384r1 (NIST P-384)."

Cheers,
John


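Added example, not part of the original message: a simplified model of the interoperability concern in this thread, showing how two libraries that each ship a strong curve can still end up on a 128-bit one. The library profiles and function names are constructed for illustration, the security levels are approximate (X25519 and X448 as quoted in the thread), and group selection is modelled as plain server preference.

```python
# Approximate security levels in bits. X25519 and X448 use the figures
# quoted in the thread; the rest are the commonly cited estimates.
GROUP_BITS = {
    "secp256r1": 128,
    "x25519": 128,
    "secp384r1": 192,
    "brainpoolP384r1": 192,
    "x448": 224,
}
SUITE_BITS = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 128,
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 256,
}

def negotiate_group(client_groups, server_groups):
    """Assumed model: the server picks its most preferred group that the
    client also offers. Returns None when there is no common group."""
    offered = set(client_groups)
    for group in server_groups:
        if group in offered:
            return group
    return None

def assess(suite, client_groups, server_groups, target=192):
    """Effective strength is the weaker of cipher and key exchange."""
    group = negotiate_group(client_groups, server_groups)
    if group is None:
        return {"group": None, "bits": 0, "meets_target": False}
    bits = min(SUITE_BITS[suite], GROUP_BITS[group])
    return {"group": group, "bits": bits, "meets_target": bits >= target}

# Constructed profiles: each library picked a different "strong" curve.
LIB_A = ["secp384r1", "x25519", "secp256r1"]   # chose P-384
LIB_B = ["x448", "x25519", "secp256r1"]        # chose X448
LIB_C = ["secp384r1", "x448", "x25519"]        # implements both

if __name__ == "__main__":
    suite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    for name, client, server in [("A -> B", LIB_A, LIB_B),
                                 ("A -> C", LIB_A, LIB_C),
                                 ("B -> C", LIB_B, LIB_C)]:
        print(name, assess(suite, client, server))
```

With the A and B profiles the only common groups are the 128-bit ones, so the AES-256 suite negotiates successfully but the connection stays at 128 bits.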