Re: [TLS] Contemplated major revision to draft-ietf-negotiated-ff-dhe
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Sat, 20 September 2014 09:20 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75DC41A03A9 for <tls@ietfa.amsl.com>; Sat, 20 Sep 2014 02:20:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x5YbLuhczLcH for <tls@ietfa.amsl.com>; Sat, 20 Sep 2014 02:20:07 -0700 (PDT)
Received: from emh03.mail.saunalahti.fi (emh03.mail.saunalahti.fi [62.142.5.109]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 351171A0040 for <tls@ietf.org>; Sat, 20 Sep 2014 02:20:06 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh03.mail.saunalahti.fi (Postfix) with ESMTP id 9C0AF188884; Sat, 20 Sep 2014 12:20:03 +0300 (EEST)
Date: Sat, 20 Sep 2014 12:20:03 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Martin Thomson <martin.thomson@gmail.com>
Message-ID: <20140920092003.GA9982@LK-Perkele-VII>
References: <87bnqbxu9s.fsf@alice.fifthhorseman.net> <CABkgnnU00599-v67aDM5rMgvz=Nt5rha3pw8Z0t5-WWZCAp9_Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABkgnnU00599-v67aDM5rMgvz=Nt5rha3pw8Z0t5-WWZCAp9_Q@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/eQigUBEBnwpwJzCQChY3oVV3Scc
Cc: IETF TLS Working Group <tls@ietf.org>
Subject: Re: [TLS] Contemplated major revision to draft-ietf-negotiated-ff-dhe
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Sep 2014 09:20:11 -0000
On Fri, Sep 19, 2014 at 03:05:36PM -0700, Martin Thomson wrote: > On 19 September 2014 12:52, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > > == Advantages == > > Great. This is much nicer as a rule. Yeah, I think this proposal sounds good. Process question: Does this need to update 4492 (it repurposes extensions defined there)? > I think that the issues Ilari points are entirely orthogonal to this > proposal, those are largely existing problems with the existing stuff. > I do have one suggestion below that might help alleviate concerns like > those though. I actually figured out solutions to those issues, without impacting this specification (and I consider those less radical than this spec). > > This proposal suggests carving out a small space of that registry for > > finite field groups. > > I would rather you add a parameter to the registry so that entities > that understand the code point can identify if the group is FF or EC. > It would be informative only, scoping the registration appropriately. Yeah, I think it should be done that way. > I'm not sure that that helps on the ServerHello end of things though. Talking about TLS 1.0-1.2 or 1.3? If 1.0-1.2, I don't see how ServerHello is involved (you don't have to signal the DH group used in elliptic_curves). If 1.3, where the group used is signaled anyway? I can't find it it in either SH or SKE. Regarding server key misinterpretation problems (only affects TLS 1.0-1.2), the notation differences between 1.2 and 4492 make seeing what is actually signed hard. So I can't say about possiblity of misinterpretting SKE. Also, regarding TLS libs not accepting <9 bit DHE, I have seen certain infamous TLS library accept some ridiculously short DHE prime (I think it was 16 bits or something like that)... But such problems should be fixed. -Ilari
- Re: [TLS] Contemplated major revision to draft-ie… Ilari Liusvaara
- [TLS] Contemplated major revision to draft-ietf-n… Daniel Kahn Gillmor
- Re: [TLS] Contemplated major revision to draft-ie… Martin Thomson
- Re: [TLS] Contemplated major revision to draft-ie… Ilari Liusvaara