Re: [TLS] Do we need DH?

Brian Smith <brian@briansmith.org> Tue, 30 December 2014 08:34 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/c_0_FQ5GWX2XkiyXjhLXSnaoYCI

Tapio Sokura <tapio.sokura@iki.fi> wrote:
> I'm a bit wary of putting all eggs in the same basket (here ECDH).

The main problems with FF-DHE as a fallback mechanism for if/when
ECC-DH is broken are (1) It seems unlikely that the ECC-DH problem
will be solved without solving the FF-DH problem too, (2) Even if that
were to happen, FF-DH with acceptable security parameters would result
in unacceptable performance. Consequently, I don't think it makes
sense to consider FF-DH a reasonable fallback for ECC-DH.

Cheers,
Brian