Re: [TLS] WG: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt

"Bruckert, Leonie" <Leonie.Bruckert@secunet.com> Mon, 03 September 2018 11:58 UTC

Return-Path: <Leonie.Bruckert@secunet.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD251130E43 for <tls@ietfa.amsl.com>; Mon, 3 Sep 2018 04:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QeoJ6DlAnhd6 for <tls@ietfa.amsl.com>; Mon, 3 Sep 2018 04:58:26 -0700 (PDT)
Received: from a.mx.secunet.com (a.mx.secunet.com [62.96.220.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E374C130E3C for <tls@ietf.org>; Mon, 3 Sep 2018 04:58:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id 45D59201D4 for <tls@ietf.org>; Mon, 3 Sep 2018 15:58:05 +0200 (CEST)
X-Virus-Scanned: by secunet
Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FI3FQgUY06Qp for <tls@ietf.org>; Mon, 3 Sep 2018 15:58:00 +0200 (CEST)
Received: from mail-essen-02.secunet.de (mail-essen-02.secunet.de [10.53.40.205]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a.mx.secunet.com (Postfix) with ESMTPS id 7663320185 for <tls@ietf.org>; Mon, 3 Sep 2018 15:58:00 +0200 (CEST)
Received: from MAIL-ESSEN-01.secunet.de ([fe80::1c79:38b7:821e:46b4]) by mail-essen-02.secunet.de ([fe80::4431:e661:14d0:41ce%16]) with mapi id 14.03.0415.000; Mon, 3 Sep 2018 13:58:17 +0200
From: "Bruckert, Leonie" <Leonie.Bruckert@secunet.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] WG: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt
Thread-Index: AQHUQPWlf4ORiwH5jEuKN+gT8h8traTZ4EGQgARr/4CAACfWUA==
Date: Mon, 03 Sep 2018 11:58:17 +0000
Message-ID: <DE8E4C1F24911E469CC24DD4819274AA2C1D48C7@mail-essen-01.secunet.de>
References: <153569768626.3253.16680905114240291331.idtracker@ietfa.amsl.com> <DE8E4C1F24911E469CC24DD4819274AA2C1D4534@mail-essen-01.secunet.de> <3913526.cHZGfsP5Hs@pintsize.usersys.redhat.com>
In-Reply-To: <3913526.cHZGfsP5Hs@pintsize.usersys.redhat.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-g-data-mailsecurity-for-exchange-state: 0
x-g-data-mailsecurity-for-exchange-error: 0
x-g-data-mailsecurity-for-exchange-sender: 23
x-g-data-mailsecurity-for-exchange-server: cbe3d3f7-b9e3-4256-b890-f24c4306a01c
x-exclaimer-md-config: 2c86f778-e09b-4440-8b15-867914633a10
x-g-data-mailsecurity-for-exchange-guid: 47CD3F49-1167-45AB-AAFD-2146F4799C4A
Content-Type: multipart/alternative; boundary="_000_DE8E4C1F24911E469CC24DD4819274AA2C1D48C7mailessen01secu_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fdVXitaw8Eqh8MCxNvN7ExBoxhI>
Subject: Re: [TLS] WG: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Sep 2018 11:58:29 -0000

See my response inline.

-----Ursprüngliche Nachricht-----
Von: Hubert Kario [mailto:hkario@redhat.com]
Gesendet: Montag, 3. September 2018 13:19
An: tls@ietf.org
Cc: Bruckert, Leonie
Betreff: Re: [TLS] WG: New Version Notification for draft-bruckert-brainpool-for-tls13-00.txt

*** gpg4o | Die E-Mail wurde von einem unbekannten Schlüssel unterzeichnet: 92A8D1B801D2F5F5 ***

On Sunday, 2 September 2018 15:30:45 CEST Bruckert, Leonie wrote:
> Htmlized:
> https://tools.ietf.org/html/draft-bruckert-brainpool-for-tls13-00
>
> Abstract:
>
>    This document specifies the use of several ECC Brainpool curves for
>
>    authentication and key exchange in the Transport Layer Security (TLS)
>
>    protocol version 1.3.

So I understand why you need SignatureScheme registrations, but I'm completely
missing the need for NamedGroup registrations – are the 26, 27 and 28 tainted
somehow?

Yes! In section B.3.1.4 (https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4) these numbers are deprecated.

For a previous discussion on the tls mailing list see https://www.ietf.org/mail-archive/web/tls/current/msg26646.html

I also don't see the need to redefine curves from RFC 5639.

I referred to RFC 5639 since it defines the Brainpool curve parameters first, without any relation to protocols.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic