Re: [TLS] draft-dkg-tls-reject-static-dh

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 05 December 2018 19:34 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D918130DF1 for <tls@ietfa.amsl.com>; Wed, 5 Dec 2018 11:34:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 88NB2eueb5zr for <tls@ietfa.amsl.com>; Wed, 5 Dec 2018 11:34:47 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E27B12D4EB for <tls@ietf.org>; Wed, 5 Dec 2018 11:34:47 -0800 (PST)
Received: from [10.200.0.109] (unknown [8.2.105.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 80821A4FCB for <tls@ietf.org>; Wed, 5 Dec 2018 14:34:45 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.1 \(3445.101.1\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
X-Priority: Medium
In-Reply-To: <1677fd00312.126588f7d311133.5876875696654149093@nerd.ninja>
Date: Wed, 05 Dec 2018 14:34:44 -0500
Reply-To: IETF TLS WG <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9D8FEAB5-B06F-42B8-9C3C-B3E8CC4BAEF9@dukhovni.org>
References: <9a9be8fb-9667-0c6a-9fac-cc167f94599f@cs.tcd.ie> <1677fd00312.126588f7d311133.5876875696654149093@nerd.ninja>
To: IETF TLS WG <tls@ietf.org>
X-Mailer: Apple Mail (2.3445.101.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gfydmQWbvSR3u1pSWsodyNeD4WM>
Subject: Re: [TLS] draft-dkg-tls-reject-static-dh
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2018 19:34:49 -0000

> On Dec 5, 2018, at 2:19 PM, R duToit <r@nerd.ninja> wrote:
> 
> Quote:  "As we will discuss later, we empirically find that at least 7.2% of HTTPS domains in the Alexa Top Million reuse DHE values and 15.5% reuse ECDHE values."

That survey is now dated.  Library defaults matter, and it used to be
the case in OpenSSL that it was all to easy to re-use (EC)DHE keys.

This is no longer the case, and if that survey were repeated today,
servers not running unpatched EOL code would not re-use (EC)DHE keys.
I rather expect the amount of re-use is much lower now, and will be
essentially zero in the next couple of years (as most of the remaining
outdated software is replaced).

Some Internet metrics can change in just a few years.

-- 
	Viktor.