Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group

Nikos Mavrogiannopoulos <nmav@redhat.com> Tue, 04 November 2014 19:14 UTC

Date: Tue, 04 Nov 2014 14:14:47 -0500
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Sean Turner <turners@ieca.com>
Message-ID: <1181732170.4489590.1415128487858.JavaMail.zimbra@redhat.com>
In-Reply-To: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
References: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/iC1_w9MhdV8ZjiP2Savn2KVAXOE
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group

----- Original Message -----
[...]
> Background: Regardless of whether you agree with what follows or not, the
> following has been put forward as the rationale. We don’t need comments on
> the rationale, we’re just providing it for background.
> 
> 1) 3DES has a 112-bit work factor and is still considered acceptable in TLS
> 1.2 and the DLOG keying material shouldn’t be any weaker than the symmetric
> cipher.
> 
> 2) There is some disagreement about the work factor for the DLOG keys - e.g.,
> NIST says 112-bit work factor correlates to 2048-bit DLOG keys but ECRYPT-II
> says 112-bit work factor correlates to 2432-bit DLOG keys (see references in
> draft).
> 
> 3) The other point made about 2048-bit DLOG is that it’s a power of 2 and
> there’s parity with the public key sizes.

I vote for 2432. Since we have two conflicting pieces of advice (NIST and ECRYPT), IMO
the best option is to go with the most conservative one (especially given that this
draft is going to be fully deployed years from now).

regards,
Nikos
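Whichever floor the working group settles on, the number only matters if clients actually enforce it when a server sends its Diffie-Hellman parameters. The following is an added example (not code from the thread, the draft, or any TLS implementation) of a client-side check: it parses the TLS 1.2 ServerDHParams structure from RFC 5246 (dh_p, dh_g, dh_Ys, each a 2-byte-length-prefixed opaque vector) and rejects groups whose modulus is shorter than a configured minimum. The function names, the two constants named after the NIST and ECRYPT-II figures from the poll, and the sample moduli are all assumptions made here; the sample moduli are odd numbers of the stated bit length, not real safe primes, and only exercise the size check.

```python
import struct

# Minimum modulus sizes under discussion in the poll (bits)
MIN_DH_BITS_NIST = 2048
MIN_DH_BITS_ECRYPT = 2432


def _read_vector(buf: bytes, offset: int):
    """Read one opaque<1..2^16-1> vector (2-byte big-endian length prefix)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from(">H", buf, offset)
    offset += 2
    if length == 0 or offset + length > len(buf):
        raise ValueError("bad vector length %d" % length)
    return buf[offset:offset + length], offset + length


def parse_server_dh_params(buf: bytes):
    """Parse RFC 5246 ServerDHParams {dh_p, dh_g, dh_Ys} into integers.

    Returns (p, g, ys, bytes_consumed). The signature that follows the
    params in ServerKeyExchange is not handled here."""
    p_bytes, off = _read_vector(buf, 0)
    g_bytes, off = _read_vector(buf, off)
    ys_bytes, off = _read_vector(buf, off)
    return (int.from_bytes(p_bytes, "big"),
            int.from_bytes(g_bytes, "big"),
            int.from_bytes(ys_bytes, "big"),
            off)


def check_dh_group(p: int, g: int, ys: int, min_bits: int):
    """Return (accepted, reason). Rejects moduli below the configured minimum
    and obviously malformed parameters (even p, out-of-range g or Ys)."""
    bits = p.bit_length()
    if bits < min_bits:
        return False, "dh_p is %d bits, below minimum %d" % (bits, min_bits)
    if p % 2 == 0:
        return False, "dh_p is even"
    if not 1 < g < p - 1:
        return False, "dh_g out of range"
    if not 1 < ys < p - 1:
        return False, "dh_Ys out of range"
    return True, "dh_p is %d bits" % bits


def evaluate_server_key_exchange(buf: bytes, min_bits: int):
    """Parse and check in one step, as a client would on ServerKeyExchange."""
    p, g, ys, _ = parse_server_dh_params(buf)
    return check_dh_group(p, g, ys, min_bits)


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Encoder used only to build the constructed sample messages below."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack(">H", len(raw)) + raw
    return out


# Constructed sample moduli: odd numbers of the stated size, NOT real safe
# primes; they exist only to exercise the size check.
P_1024 = (1 << 1023) | 1
P_2048 = (1 << 2047) | 1
P_2432 = (1 << 2431) | 1
SAMPLE_G = 2
SAMPLE_YS = 0x12345678  # arbitrary placeholder public value

if __name__ == "__main__":
    for name, p in (("1024", P_1024), ("2048", P_2048), ("2432", P_2432)):
        msg = encode_server_dh_params(p, SAMPLE_G, SAMPLE_YS)
        for label, floor in (("NIST", MIN_DH_BITS_NIST),
                             ("ECRYPT-II", MIN_DH_BITS_ECRYPT)):
            ok, why = evaluate_server_key_exchange(msg, floor)
            print("%s-bit group vs %s floor: %s (%s)"
                  % (name, label, "accept" if ok else "reject", why))
```

Running it shows the practical difference between the two candidate floors: a 2048-bit group is accepted under the NIST-derived minimum and rejected under the ECRYPT-II-derived one, while a 1024-bit group fails both. The range checks on dh_g and dh_Ys are cheap sanity checks a client should do regardless of which minimum is chosen.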