Re: [TLS] New Version Notification for draft-bzwu-tls-ecdhe-keyshare-00.txt
"武炳正(允中)" <bingzheng.wbz@alibaba-inc.com> Tue, 28 April 2015 02:53 UTC
From: "武炳正(允中)" <bingzheng.wbz@alibaba-inc.com>
To: 'Ilari Liusvaara' <ilari.liusvaara@elisanet.fi>
References: <20150427023926.28938.22369.idtracker@ietfa.amsl.com> <008e01d080e5$a2db6de0$e89249a0$@alibaba-inc.com> <20150427173533.GA910@LK-Perkele-VII>
In-Reply-To: <20150427173533.GA910@LK-Perkele-VII>
Date: Tue, 28 Apr 2015 10:53:13 +0800
Message-ID: <001c01d0815e$783cbde0$68b639a0$@alibaba-inc.com>
Cc: tls@ietf.org
Subject: Re: [TLS] New Version Notification for draft-bzwu-tls-ecdhe-keyshare-00.txt
> -----Original Message-----
> From: Ilari Liusvaara [mailto:ilari.liusvaara@elisanet.fi]
> Sent: Tuesday, April 28, 2015 1:36 AM
> To: 武炳正(允中)
> Cc: tls@ietf.org
> Subject: Re: [TLS] New Version Notification for draft-bzwu-tls-ecdhe-keyshare-00.txt
>
> On Mon, Apr 27, 2015 at 08:28:16PM +0800, 武炳正(允中) wrote:
> >
> > https://datatracker.ietf.org/doc/draft-bzwu-tls-ecdhe-keyshare/
> >
> > This extension allows a TLS client to carry an ECDHE keyshare in the ClientHello
> > message, so as to reduce the full handshake latency by 1 RTT.
> >
> > Please kindly review it. Any comments are welcome.
>
> Taking a quick look (not considering if this is a good idea or not):
>
> > In fact the new version, TLS version 1.3 [draft], which is a work in
> > progress, supports only ECDHE for key exchange.
>
> This is just wrong. In the TLS 1.3 editor's copy and in the latest draft, non-ECC DHE is
> supported (2k, 3k, 4k and 8k).

Thanks for reminding me. Maybe a 'type' should be added in each ClientKeyShareOffer, to indicate the different Diffie-Hellman exchange. And change this extension's name from ECDHE-keyshare to DH-keyshare.

> (The value list seems to be out of sync with the ffdhe draft, which also has 6k).
>
> > ECParameters curve_params;
>
> I consider supporting arbitrary curves here a bad idea. Why not just use values
> out of the EC Named Curve Registry (16-bit)?
>
> (That's the way TLS 1.3 does it).

I tried to change as little as possible, to avoid unnecessary trouble, both in protocol and implementation.

> > So I have not found any security problem with this extension yet.
>
> Another problem:
>
> Definition of extended_master_secret (security fix!) refers to
> ClientKeyExchange. The relevant part would have to be redefined (I guess
> taking session_hash after ServerKeyExchange would work).

I think so too. I will add this in the draft after reading this extension carefully.

> (Let's not get into working around THS by key checks).
>
> -Ilari

Thanks for your comments again

Bingzheng Wu
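The two points raised above (a 'type' field to tell finite-field DH from ECDHE, and using 16-bit named-curve registry values instead of arbitrary ECParameters) can be served by one design: a 16-bit group identifier taken from the IANA supported-groups registry already encodes both the exchange kind and the parameters, so a parser can refuse anything outside that allow-list rather than accept attacker-supplied curve parameters. The encoder/parser below is an added illustration, not code from the draft or from either author; the per-offer wire layout (group id, then a 16-bit length-prefixed public value) is an assumed format, while the registry values are the real IANA codepoints for the named curves and the ffdhe groups later registered by RFC 7919.

```python
import struct

# Real IANA "Supported Groups" codepoints: a single 16-bit id identifies both
# the kind of exchange (ECDHE vs finite-field DHE) and the exact parameters,
# so no separate 'type' field and no arbitrary ECParameters are needed.
NAMED_GROUPS = {
    0x0017: ("ecdhe", "secp256r1"),
    0x0018: ("ecdhe", "secp384r1"),
    0x0019: ("ecdhe", "secp521r1"),
    0x0100: ("ffdhe", "ffdhe2048"),
    0x0101: ("ffdhe", "ffdhe3072"),
    0x0102: ("ffdhe", "ffdhe4096"),
    0x0103: ("ffdhe", "ffdhe6144"),
    0x0104: ("ffdhe", "ffdhe8192"),
}


def encode_offer(group_id, public_value):
    """Assumed wire layout for one ClientKeyShareOffer: uint16 group id,
    then a uint16-length-prefixed opaque public value."""
    return struct.pack("!HH", group_id, len(public_value)) + public_value


def parse_offers(data):
    """Parse concatenated offers. Returns (accepted, rejected_group_ids).

    Offers whose group id is not in the registry allow-list are rejected
    instead of being interpreted as ad-hoc curve parameters; malformed
    length fields raise ValueError so a truncated ClientHello is not
    silently accepted.
    """
    accepted, rejected = [], []
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated offer header")
        gid, plen = struct.unpack_from("!HH", data, off)
        off += 4
        if plen == 0 or len(data) - off < plen:
            raise ValueError("bad public value length")
        pub = data[off:off + plen]
        off += plen
        if gid not in NAMED_GROUPS:
            rejected.append(gid)
            continue
        kind, name = NAMED_GROUPS[gid]
        accepted.append((kind, name, pub))
    return accepted, rejected
```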