Re: [TLS] ECDH_anon
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 27 January 2016 15:17 UTC
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>, Martin Thomson <martin.thomson@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/dHGFxl3kkRr-Kpfd3mo1b8Ye4yM>

IMHO it's not a good idea to re-purpose existing cipher-suites and alter their observed behavior. Likewise for the name overloading. Anon != Ephemeral, despite some similarities.

My apologies if I'm missing the point or the frame of a larger issue.

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.

Original Message
From: Nikos Mavrogiannopoulos
Sent: Wednesday, January 27, 2016 03:13
To: Martin Thomson; tls@ietf.org
Subject: Re: [TLS] ECDH_anon

On Wed, 2016-01-27 at 14:51 +1100, Martin Thomson wrote:
> 4472bis has a TBD regarding a missing "E" in the name of ECDHE_anon
> cipher suites.
>
> I raised an issue: https://github.com/tlswg/rfc4492bis/issues/17

My understanding of DH_anon and ECDH_anon is that they were made to be used with static keys so even though anonymous one could verify that he connected to the same server by checking the server's keys. I don't believe anyone actually implemented that mode (I'm mostly speculating) and most of the anon usage is with ephemeral keys, thus this proposal makes sense.

However if the name is changed to underline the ephemeral part, it would be nice to document the change of the intended purpose of these ciphersuites.

regards,
Nikos