Re: [TLS] EllipticCurveList is not expressive enough
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 23 July 2010 18:01 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C6153A681C for <tls@core3.amsl.com>; Fri, 23 Jul 2010 11:01:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.045
X-Spam-Level:
X-Spam-Status: No, score=-3.045 tagged_above=-999 required=5 tests=[AWL=0.554, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F0IvzE9Yife0 for <tls@core3.amsl.com>; Fri, 23 Jul 2010 11:01:01 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id 596F23A676A for <tls@ietf.org>; Fri, 23 Jul 2010 11:01:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1279908080; x=1311444080; h=from:to:subject:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20brian@briansmith.org,=20tls@ietf.org|Subject:=20Re :=20[TLS]=20EllipticCurveList=20is=20not=20expressive=20e nough|In-Reply-To:=20<004401cb2a8a$78007360$68015a20$@bri ansmith.org>|Message-Id:=20<E1OcMYY-0006LP-8U@wintermute0 2.cs.auckland.ac.nz>|Date:=20Sat,=2024=20Jul=202010=2006: 01:10=20+1200; bh=Qvq2yNJVK7uf4OLpP5hb9S1FxO1wozsU8tx7jnY2ttw=; b=iTk5FphrUt/kiG7jZTj5671FVYW9uJKFQp6wTdZfbVa5+InJDSnNOiHt mPLaTeCRKkZzgGLoM3/D+RkdaRZMOzr0hXeD4crsqac9klkvjQF/crpn4 os6WPADWbltqxqh5cFU/0qo+mnUj/PwCOBKDaBeh1DAw9W0gTq7PDgY0F Q=;
X-IronPort-AV: E=Sophos;i="4.55,249,1278244800"; d="scan'208";a="17122333"
X-Ironport-HAT: UNIVERSITY - $RELAY-THROTTLE
X-Ironport-Source: 130.216.207.92 - Outgoing - Outgoing
Received: from wintermute02.cs.auckland.ac.nz ([130.216.207.92]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 24 Jul 2010 06:01:11 +1200
Received: from pgut001 by wintermute02.cs.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@cs.auckland.ac.nz>) id 1OcMYY-0006LP-8U; Sat, 24 Jul 2010 06:01:10 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: brian@briansmith.org, tls@ietf.org
In-Reply-To: <004401cb2a8a$78007360$68015a20$@briansmith.org>
Message-Id: <E1OcMYY-0006LP-8U@wintermute02.cs.auckland.ac.nz>
Date: Sat, 24 Jul 2010 06:01:10 +1200
Subject: Re: [TLS] EllipticCurveList is not expressive enough
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jul 2010 18:01:03 -0000
"Brian Smith" <brian@briansmith.org> writes: >Consequently, I think it would be very useful to have a different extension >that allowed the client to spell out its exact requirements: For ciphersuites ><C>, I accept curves <K> for ECDH, curves <E> for the ECDSA signature, and >curves <I> for certificate signatures. Given that pretty much the only thing that's ever likely to use this is something doing Suite B, why not just make it a simple flag, { suite-B-medium, suite-B-strong, suite-B-RFU }? That makes it much easier than even further complicating an already pretty awkward negotiation process when ECC is involved (and by "complicating" I mean "providing implementors with lots of scope for creating a non-interoperable mess"). It also goes with the spirit of working with complete suites, being able to negotiate everything in bits and pieces in order to make a mess is more an IPsec thing. In fact you don't even need the choice-of-suite flag, all you need to do is tell the other side to follow Suite B semantics, so an empty extension is enough. The other side can then decide, based on whether you specify p256 or p384, what other things need to be switched on. Given that the spec more or less outlaws any non-Suite-B stuff, my guess is that you'd either be operating in Suite-B-only mode or generic mode, in which case you wouldn't even need that. >Also, does the Suite B profile really need to be that strict? As far as I can >tell, it should be acceptable (if wasteful) to use the secp384r1 curves at >the 128-bit security level, but the Suite B profile doesn't allow that. You wanna feed at the USG funding trough, you gotta jump through their hoops :-). Peter.
- [TLS] EllipticCurveList is not expressive enough Brian Smith
- Re: [TLS] EllipticCurveList is not expressive eno… Peter Gutmann
- Re: [TLS] EllipticCurveList is not expressive eno… Kyle Hamilton
- Re: [TLS] EllipticCurveList is not expressive eno… Dean Anderson
- Re: [TLS] EllipticCurveList is not expressive eno… Jeffrey A. Williams
- Re: [TLS] EllipticCurveList is not expressive eno… Kyle Hamilton