Re: [TLS] WGLC: draft-ietf-tls-negotiated-ff-dhe-05

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 23 January 2015 19:55 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 134611A01F0 for <tls@ietfa.amsl.com>; Fri, 23 Jan 2015 11:55:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LtS8yGZWKvGR for <tls@ietfa.amsl.com>; Fri, 23 Jan 2015 11:55:16 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0718.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:718]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6241C1A0195 for <tls@ietf.org>; Fri, 23 Jan 2015 11:55:16 -0800 (PST)
Received: from BN3PR0301MB1252.namprd03.prod.outlook.com (25.161.207.28) by BN3PR0301MB0833.namprd03.prod.outlook.com (25.160.154.143) with Microsoft SMTP Server (TLS) id 15.1.65.19; Fri, 23 Jan 2015 19:54:53 +0000
Received: from BN3PR0301MB1250.namprd03.prod.outlook.com (25.161.207.26) by BN3PR0301MB1252.namprd03.prod.outlook.com (25.161.207.28) with Microsoft SMTP Server (TLS) id 15.1.59.20; Fri, 23 Jan 2015 19:54:52 +0000
Received: from BN3PR0301MB1250.namprd03.prod.outlook.com ([25.161.207.26]) by BN3PR0301MB1250.namprd03.prod.outlook.com ([25.161.207.26]) with mapi id 15.01.0059.007; Fri, 23 Jan 2015 19:54:52 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Sean Turner <turners@ieca.com>, "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Thread-Topic: [TLS] WGLC: draft-ietf-tls-negotiated-ff-dhe-05
Thread-Index: AQHQN0MnOO68smN3ukGG1Zv1jxiD35zOG+TQ
Date: Fri, 23 Jan 2015 19:54:52 +0000
Message-ID: <BN3PR0301MB12502E9A90C5C5981B28A3BD8C360@BN3PR0301MB1250.namprd03.prod.outlook.com>
References: <3F4C76ED-4375-438F-ADC9-66E49A19574B@ieca.com>
In-Reply-To: <3F4C76ED-4375-438F-ADC9-66E49A19574B@ieca.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:ed31::2]
authentication-results: ieca.com; dkim=none (message not signed) header.d=none;ieca.com; dmarc=none action=none header.from=microsoft.com;
x-dmarcaction-test: None
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(3005004); SRVR:BN3PR0301MB1252; UriScan:;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:; SRVR:BN3PR0301MB1252;
x-forefront-prvs: 0465429B7F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(13464003)(377454003)(164054003)(92566002)(33656002)(86362001)(62966003)(54606007)(54356999)(76176999)(50986999)(40100003)(122556002)(2900100001)(54206007)(76576001)(15975445007)(2950100001)(77156002)(86612001)(74316001)(46102003)(2656002)(87936001)(99286002)(230783001)(102836002)(107886001)(106116001)(19580395003)(19580405001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR0301MB1252; H:BN3PR0301MB1250.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jan 2015 19:54:52.5209 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR0301MB1252
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BN3PR0301MB0833;
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/denpS7xMqtaz2OkgnmVYNz5H8WY>
Subject: Re: [TLS] WGLC: draft-ietf-tls-negotiated-ff-dhe-05
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jan 2015 19:55:20 -0000

Good draft, we need strong DH groups, and a way to negotiate them is a useful, too.

One change I would suggest is to avoid special-form primes.

Thanks,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Sean Turner
Sent: Friday, January 23, 2015 11:31 AM
To: TLS@ietf.org (tls@ietf.org)
Subject: [TLS] WGLC: draft-ietf-tls-negotiated-ff-dhe-05

This is the WGLC (working group last call) for draft-ietf-tls-negotiated-ff-dhe-05:
http://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe-05/
Please send comments on this draft to the TLS list before February 16, 2015.

The chairs and our AD are curious about whether switching to use of "e" as opposed to "pi", as RFC 3526 did, is an issue.  The draft provides rationale for the change, but Stephen asked about this particular point @ our Hawaii session.

spt
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls