Re: [TLS] ID Tracker State Update Notice: <draft-ietf-tls-negotiated-ff-dhe-08.txt>
Andrey Jivsov <crypto@brainhub.org> Fri, 24 April 2015 07:34 UTC
Return-Path: <crypto@brainhub.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4D471B354E for <tls@ietfa.amsl.com>; Fri, 24 Apr 2015 00:34:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8zhqog4O45U for <tls@ietfa.amsl.com>; Fri, 24 Apr 2015 00:34:08 -0700 (PDT)
Received: from resqmta-po-05v.sys.comcast.net (resqmta-po-05v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:164]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 002171B356B for <tls@ietf.org>; Fri, 24 Apr 2015 00:32:50 -0700 (PDT)
Received: from resomta-po-08v.sys.comcast.net ([96.114.154.232]) by resqmta-po-05v.sys.comcast.net with comcast id KjYg1q001516pyw01jYqhU; Fri, 24 Apr 2015 07:32:50 +0000
Received: from [192.168.1.2] ([71.202.164.227]) by resomta-po-08v.sys.comcast.net with comcast id KjYp1q0024uhcbK01jYpar; Fri, 24 Apr 2015 07:32:50 +0000
Message-ID: <5539F1A1.6030009@brainhub.org>
Date: Fri, 24 Apr 2015 00:32:49 -0700
From: Andrey Jivsov <crypto@brainhub.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: tls@ietf.org
References: <20150403205046.26518.89784.idtracker@ietfa.amsl.com>
In-Reply-To: <20150403205046.26518.89784.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1429860770; bh=SPfcN4mJIlJORhLONc3VWkSQaomhQUZ2UC35RFPZhoM=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=HCeQpsABa+WCVzH83jBH6M4cYO28rvGBpOlrPVr2nDJfejRo9eXEBIMTpFG0ylAtj tjsa5BFiLjgdGjKSLWvTfRpwV3aEPKUzfoChwdrBnSpSbI8hq0fJmhQvwqHrRm92Hq ENGsQEUo1KkiA96+h3WsBdzWUv/eSpx4SdR/LRGrVNlhzJRy1CgxvtCtrcfxjNPr/b sNh487VC9t4lIMDUfWa4AKUWfraOsqLkZKenbZfETrKFSKqLRNTNe3/UiqCS+W0txg QeR1bR/VkjJxbuURxsSY6c4AENwecmTCrpjDi4Dab6burRre8nWaYpmcz/r3LVxpAL 6C/SnIO82qZsw==
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jJnoYnT124NFlH1N88STxsUE-QI>
Subject: Re: [TLS] ID Tracker State Update Notice: <draft-ietf-tls-negotiated-ff-dhe-08.txt>
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2015 07:34:11 -0000
I have a mostly editorial comment for sec 1. The document calls the composite group with p-1 elements a "group" in sec 5. The document calls the the 2-element group in sec 5.1 a "small subgroup". The document calls the prime group with q=(p-1)/2 elements a "group" in sec. A. Let's say we continue to call the q-element subset of p-1-element group a group, and continue to call the 2-element subset of p-1-element group a subgroup. My concern is that the sec. 1 may be interpreted as that by virtue of using groups from this document a client avoids the issue of small subgroups. In reality, the main benefit of groups in this document is that they give us the minimal small subgroup and there is an efficient check for the membership in the large (sub)group. This check is correctly specified in sec 5.1, but it should not be skipped. 1. The sentences with two first occurrences of "subgroup", both in section 1, should be reworded to not suggest that this document avoids small subgroups. 2. One can go further and try to clear the terminology about the group by assuming that the - _group_ has p-1 - _prime group_ has q - _small subgroup_ has 2 elements. i.e. insert "prime" in front of some "group", where appropriate. BTW, I like the ability for the client to indicate the support for the DH group size.
- [TLS] ID Tracker State Update Notice: <draft-ietf… IETF Secretariat
- [TLS] ID Tracker State Update Notice: <draft-ietf… IETF Secretariat
- [TLS] ID Tracker State Update Notice: <draft-ietf… IETF Secretariat
- [TLS] ID Tracker State Update Notice: <draft-ietf… IETF Secretariat
- Re: [TLS] ID Tracker State Update Notice: <draft-… Andrey Jivsov