Re: [TLS] draft-deprecate-obsolete-kex - Comments from WG Meeting

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 29 July 2022 17:48 UTC

Date: Fri, 29 Jul 2022 20:48:15 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <YuQdX10fR27Z2iKd@LK-Perkele-VII2.locald>
References: <CABiKAoSvJqewOs=pqS+ggyWBCasoQYU9GoGMMOq6V4HZqmUH+Q@mail.gmail.com> <SY4PR01MB6251B80C4F35F6921854DC72EE999@SY4PR01MB6251.ausprd01.prod.outlook.com>
In-Reply-To: <SY4PR01MB6251B80C4F35F6921854DC72EE999@SY4PR01MB6251.ausprd01.prod.outlook.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/e880ke8IsQ0zDC2cfUEtXvfTaMs>
Subject: Re: [TLS] draft-deprecate-obsolete-kex - Comments from WG Meeting

On Fri, Jul 29, 2022 at 01:59:58PM +0000, Peter Gutmann wrote:
> An additional comment on this, a pretty straightforward solution is
> to use the TLS-LTS one:
 
Unfortunately, that does not work because it would require protocol
modifications requiring coordinated updates to both clients and
servers. Renego fix was over 12 years ago, and I still sometimes hit
servers that have not fixed that.


I think the best current practices are:

Client side:

- Do not implement DH and ECDH.
- Disable DHE entirely.

Server side:

- Do not implement RSA kex.
- Prefer ECDHE to DHE.


No idea what the best-practice DHE size to use on the server side is, if
DHE is supported at all. Note that anything that does not support TLS 1.2
(since it can not connect) or that supports ECDHE (since ECDHE is
preferred) is irrelevant here. For 1024-bit, one wants a custom group;
for 2048-bit, one wants ffdhe2048.



-Ilari
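The client- and server-side guidance in the post above, turned into a cipher-suite audit as an added example (not code from the thread, the draft or any TLS library). It classifies key exchange from IANA suite names and assumes the suites are given in preference order; the sample list is constructed.

```python
import re
from typing import List

# Leading key-exchange token of an IANA TLS 1.2 suite name (TLS_<kex>_<auth>_WITH_...).
_KEX_RE = re.compile(r"^TLS_(ECDHE|ECDH|DHE|DH|RSA|PSK|SRP_SHA|KRB5|NULL)(?:_anon)?_")

def kex_of(suite: str) -> str:
    """Classify key exchange: RSA = static RSA key transport, DH/ECDH = static
    (EC)DH, DHE/ECDHE = ephemeral. TLS 1.3 suites name no kex; it is always ephemeral."""
    if suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "TLS13"
    m = _KEX_RE.match(suite)
    if not m:
        return "UNKNOWN"
    kex = m.group(1)
    return kex + "_anon" if suite.startswith(f"TLS_{kex}_anon_") else kex

def audit(suites: List[str], role: str) -> List[str]:
    """Apply the post's guidance to an ordered suite list; [] means compliant."""
    kexes = [(s, kex_of(s)) for s in suites]
    findings = []
    if role == "client":
        for s, k in kexes:
            if k in ("DH", "ECDH"):
                findings.append(f"{s}: static {k} kex should not be implemented on clients")
            elif k == "DHE":
                findings.append(f"{s}: DHE should be disabled entirely on clients")
    elif role == "server":
        findings += [f"{s}: RSA kex should not be implemented on servers"
                     for s, k in kexes if k == "RSA"]
        # "Prefer ECDHE to DHE": no ECDHE suite may be ranked below a DHE suite.
        first_dhe = next((i for i, (_, k) in enumerate(kexes) if k == "DHE"), None)
        if first_dhe is not None:
            findings += [f"{s}: ECDHE suite ranked below DHE suite {suites[first_dhe]}"
                         for s, k in kexes[first_dhe + 1:] if k == "ECDHE"]
    else:
        raise ValueError("role must be 'client' or 'server'")
    return findings

# Constructed preference list for demonstration, not from any real deployment.
LEGACY_LIST = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",
]
```

Running `audit(LEGACY_LIST, "server")` reports the RSA suite and the ECDHE suite ranked below DHE; the client run reports only the DHE suite.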