Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group

Peter Gutmann <> Tue, 04 November 2014 18:46 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id BFD1B1ACD9C for <>; Tue, 4 Nov 2014 10:46:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.794
X-Spam-Status: No, score=-4.794 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yxBu02iNu56L for <>; Tue, 4 Nov 2014 10:46:07 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A50DF1ACD9D for <>; Tue, 4 Nov 2014 10:46:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=uoa; t=1415126765; x=1446662765; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=u3k9Rg3hvLAIsJafuYbtw6XnihetPn7BIo15ih8SSsc=; b=Z4Nme8DOoAra8HI4/Yf2NXfXWOL4l7naqg3HIINyjrZloJ5R1sL02Dou oIoLUH+JR46DYBAXgvs7zER2AbhxcfD+ZR+QatUWOwrPPB8aNABTwiCZG SCpxxH59HTjAYAEXaC+vi6mQVRwNDsEtrrkW422Ftu/kPb4SbvlcPOfcr 4=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="287664316"
X-Ironport-Source: - Outgoing - Outgoing
Received: from ([]) by with ESMTP/TLS/AES128-SHA; 05 Nov 2014 07:46:04 +1300
Received: from ([]) by ([]) with mapi id 14.03.0174.001; Wed, 5 Nov 2014 07:46:03 +1300
From: Peter Gutmann <>
To: "<>" <>
Thread-Topic: [TLS] STRAW POLL: Size of the Minimum FF DHE group
Thread-Index: Ac/4X5U+UHOue9GYRdO7jfwZXzI8mA==
Date: Tue, 04 Nov 2014 18:46:02 +0000
Message-ID: <>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 04 Nov 2014 18:46:09 -0000

Sean Turner <> writes:

>The draft currently includes a minimum group size of 2432 but the WG also
>discussed 2048.  Groups smaller than 2048 were discounted for a standards
>track document as too weak for use but might be documented in a separate 
>=93historic=94 draft.

See my previous comments on this, these groups are still being actively used,
and will continue to be used until the hardware they're used with dies.  So
having them documented would be useful, not least because if the IETF doesn't
do it then some (probably several) other standards groups will do it for them.

>The chairs would like to poll the WG on one of the issues in the draft namely
>the size of the minimum group.

If the only choice is between 2048 and 24something then I'll go with 2048.
What's the significance of 24something anyway?