Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt

Hanno Böck <hanno@hboeck.de> Tue, 10 September 2013 09:47 UTC

Date: Tue, 10 Sep 2013 11:47:18 +0200
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20130910114718.3f7ca50e@hboeck.de>
In-Reply-To: <522C3497.9020301@gmail.com>
References: <20130907224638.32356.96972.idtracker@ietfa.amsl.com> <522C3497.9020301@gmail.com>

On Sun, 08 Sep 2013 11:25:59 +0300
Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

> This is an early version of my proposal for a BCP-like document, to 
> inform the industry on what can be done with existing
> implementations, while TLS 1.3 is still not ready.
> 
> I would appreciate your comments of course. Specifically,
> I would like to fill in the Implementation Status table (Sec. 5) and 
> would be glad to receive solid information (dates, planned dates, 
> version numbers) from implementers.

I was asked on another list to cross-post my comments on it here:

I don't really see from the document why the authors discourage
ECDHE-suites and AES-256. Both should be okay and we end up with four
suites:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Also, DHE should only be considered secure with a large enough modulus
(>=2048 bit). Apache hard-codes this to 1024 bit and it's not
configurable. So an argument can even be made that ECDHE is more
secure - it doesn't have a widely deployed webserver using it in an
insecure way.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42
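The two checks the message argues for (restrict the suite list to the four
AES-GCM suites named above, and refuse DHE unless the server's modulus is at
least 2048 bits) can be applied mechanically. The following is an added
example, not code from the e-mail, from the draft or from any TLS
implementation: it parses the ServerDHParams structure that a TLS 1.2 server
sends in its ServerKeyExchange (dh_p, dh_g, dh_Ys, each a 16-bit
length-prefixed opaque, as defined in RFC 5246 section 7.4.3), reports the
modulus size, and filters an offered suite list against the four suites. The
sample moduli are constructed integers of the right bit length, not real
safe primes, and the 2048-bit threshold and suite set are the ones stated in
the message.

```python
"""Added example (not from the original e-mail or the draft it discusses).

Checks a TLS 1.2 DHE ServerKeyExchange for a modulus of at least 2048 bits
and filters a cipher-suite list down to the four suites proposed above.
"""
import struct

# Threshold from the message: DHE below 2048 bits is not considered secure.
MIN_DH_BITS = 2048

# The four suites the message says "we end up with".
RECOMMENDED_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}


def _read_opaque16(buf, off):
    """Read one opaque<1..2^16-1> field: 16-bit big-endian length, then bytes."""
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("malformed or truncated ServerDHParams field")
    return buf[off:off + n], off + n


def parse_server_dh_params(body):
    """Parse ServerDHParams (RFC 5246 7.4.3) from the start of a
    ServerKeyExchange body. Any trailing bytes (the signature block in
    DHE_RSA) are returned untouched under 'rest'."""
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, off = _read_opaque16(body, off)
    return {
        "p": int.from_bytes(p, "big"),
        "g": int.from_bytes(g, "big"),
        "Ys": int.from_bytes(ys, "big"),
        "rest": body[off:],
    }


def dh_modulus_bits(body):
    """Bit length of the DH modulus the server advertised."""
    return parse_server_dh_params(body)["p"].bit_length()


def dhe_is_acceptable(body, min_bits=MIN_DH_BITS):
    """True only if the modulus meets the size threshold and the public
    value is in the open interval (1, p-1). This is a size/sanity check,
    not a primality or safe-prime test."""
    params = parse_server_dh_params(body)
    bits = params["p"].bit_length()
    return (bits >= min_bits
            and params["g"] > 1
            and 1 < params["Ys"] < params["p"] - 1)


def build_server_dh_params(p, g, ys):
    """Encode ServerDHParams; used here only to build constructed input."""
    out = b""
    for v in (p, g, ys):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(b)) + b
    return out


def filter_suites(offered):
    """Keep only the four recommended suites, preserving the offered order."""
    return [s for s in offered if s in RECOMMENDED_SUITES]


# Constructed sample input (not real primes): a 1024-bit modulus like the one
# the message says Apache hard-codes, and a 2048-bit one that passes.
P_1024 = (1 << 1023) + 0x13
P_2048 = (1 << 2047) + 0x1F
SAMPLE_1024 = build_server_dh_params(P_1024, 2, (1 << 500) + 7)
SAMPLE_2048 = build_server_dh_params(P_2048, 2, (1 << 500) + 7)

if __name__ == "__main__":
    for name, body in (("1024-bit", SAMPLE_1024), ("2048-bit", SAMPLE_2048)):
        print(name, dh_modulus_bits(body), "acceptable:", dhe_is_acceptable(body))
    print(filter_suites(["TLS_RSA_WITH_RC4_128_SHA",
                         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]))
```

In practice the body passed to `parse_server_dh_params` would be captured from
a live handshake (for example from a packet capture of the ServerKeyExchange
record); the 1024-bit case is exactly the configuration the message warns
about, and it is rejected purely on modulus size before any signature is
examined.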