Re: [TLS] I-D Action: draft-ietf-tls-curve25519-00.txt

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 12 June 2015 19:56 UTC

On Fri, Jun 12, 2015 at 11:02:30AM -0700, internet-drafts@ietf.org wrote:
> 	Filename        : draft-ietf-tls-curve25519-00.txt

"Servers MUST NOT select an ECDHE_ECDSA ciphersuite if there are no
common curves suitable for ECDSA."

You mean MUST NOT select an ECDSA certificate? Because the TLS 1.2 rules
seemingly allow selecting an ECDHE_RSA ciphersuite with an ECDSA
certificate.

"This section defines a new point format suitable to encode Curve25519
public keys, as well as an identifier to negotiate this new format in
TLS, and includes guidance on their use."

Is this format going to be the chosen one for TLS 1.3? Because TLS 1.3
can't negotiate point formats for ECDHE.

Also, I don't see the value of trying to negotiate the point format,
and I think that the negotiation will act as an implementation error
source.


-Ilari