[TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"

"Dang, Quynh" <quynh.dang@nist.gov> Fri, 16 January 2015 15:27 UTC

From: "Dang, Quynh" <quynh.dang@nist.gov>
To: "tls@ietf.org" <tls@ietf.org>
Date: Fri, 16 Jan 2015 15:26:59 +0000
Message-ID: <1421422017019.67267@nist.gov>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jD5Kdj7Oc6wUsRdn2Tshtzm_r0M>

Hi all,

It seems to be fine to improve interoperability (or efficiency: less back and forth) by allowing multiple groups (multiple "NamedGroup"s) in the "HelloRetryRequest" message since a server might be willing to accept 2 (or more) groups for a particular key exchange method. For example, a client might offer only one FFDH group in its Client Key Share message and the server is willing to offer two higher level security groups for the client to choose from.

The situation would be similar if we had 3 or more curves.

Quynh.
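As an added illustration (not part of Quynh's message or of any TLS implementation), the Python model below plays out the client key_share / HelloRetryRequest exchange discussed above, once with a single-group retry and once with a multi-group retry, and includes the client-side check that every group named in the retry was one the client actually advertised and had not already sent a share for. The NamedGroup codepoints are the registered values from RFC 7919 and RFC 8446; the function names and the preference lists are made up for this example.

```python
"""Toy model of TLS 1.3 key_share / HelloRetryRequest (HRR) group negotiation.
Constructed for illustration only; not the draft's or any library's code.
NamedGroup codepoints below are the registered values (RFC 7919 / RFC 8446)."""
SECP256R1, SECP384R1, X25519 = 0x0017, 0x0018, 0x001D
FFDHE2048, FFDHE3072, FFDHE4096 = 0x0100, 0x0101, 0x0102


def server_respond(server_groups, supported_groups, key_shares, multi_hrr):
    """Server side. server_groups is the server's acceptable list in its own
    preference order. Returns ('ServerHello', group), ('HelloRetryRequest',
    [groups]) or ('abort', alert)."""
    usable = [g for g in server_groups if g in key_shares]
    if usable:                       # a share for an acceptable group arrived
        return ("ServerHello", usable[0])
    retry = [g for g in server_groups if g in supported_groups]
    if not retry:                    # nothing in common at all
        return ("abort", "handshake_failure")
    # Single-group HRR: the server picks. Multi-group HRR: the client picks.
    return ("HelloRetryRequest", retry if multi_hrr else retry[:1])


def client_handle_hrr(hrr_groups, supported_groups, key_shares):
    """Client side. Every group named in the HRR must be one the client offered
    in supported_groups and must not be one it already sent a share for;
    anything else is a bogus retry and the client aborts rather than re-sends."""
    for g in hrr_groups:
        if g not in supported_groups or g in key_shares:
            return ("abort", "illegal_parameter")
    # Among the groups the server named, honour the client's preference order.
    chosen = next(g for g in supported_groups if g in hrr_groups)
    return ("retry", chosen)


def negotiate(server_groups, supported_groups, key_shares, multi_hrr):
    """Run the exchange to completion. Returns (agreed group or None, number
    of ClientHello flights the client sent)."""
    kind, value = server_respond(server_groups, supported_groups, key_shares, multi_hrr)
    if kind == "ServerHello":
        return value, 1
    if kind == "abort":
        return None, 1
    kind, value = client_handle_hrr(value, supported_groups, key_shares)
    if kind == "abort":
        return None, 1
    # The second ClientHello carries a single share, for the chosen group.
    kind, value = server_respond(server_groups, supported_groups, [value], multi_hrr)
    return (value if kind == "ServerHello" else None), 2
```

With the client preferring ffdhe2048 but sharing only that group, and the server accepting only ffdhe4096 and ffdhe3072, the single-group retry lands on the server's favourite (ffdhe4096) while the multi-group retry lets the client take ffdhe3072; both still cost a second ClientHello, which a share for an acceptable group in the first flight avoids.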