Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)

Bodo Moeller <bmoeller@acm.org> Wed, 17 August 2016 16:50 UTC

In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4CF009C@uxcn10-5.UoA.auckland.ac.nz> <20160816145548.GQ4670@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>
From: Bodo Moeller <bmoeller@acm.org>
Date: Wed, 17 Aug 2016 09:50:00 -0700
Message-ID: <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/meYDdl30e_0VXTRNvlEo7wymNbw>
Subject: Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)

Peter, so your complaint is about the lack of support for explicitly
specified (non-"named") groups? That's completely intentional, see the
RFC's abstract. (It *shouldn't* be that much of a problem that the server
might be using an ill-chosen group, because if the server does dumb things
we can't save it anyway. However, given all the complexities of the TLS
handshake, there's actually more that can fall apart if the group is bad.)

Bodo
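The point Bodo is making, that a client can only cheaply validate a server's finite-field DH group when it is one of the RFC 7919 named groups, is illustrated by the following added Python example. It is not code from this thread, from the RFC, or from any TLS implementation. It rebuilds the ffdhe2048 modulus from the formula in RFC 7919 Appendix A.1 (p = 2^2048 - 2^1984 + {floor(2^1918 * e) + 560316} * 2^64 - 1, g = 2), checks a ServerKeyExchange-style (p, g) pair against it by table lookup, and otherwise falls back to the probable-prime tests on p and (p-1)/2 that an explicitly specified group would force a client to run itself. The function names, the 2048-bit minimum for explicit groups, and the toy explicit groups p = 23 and p = 29 used to exercise the fallback are this example's own assumptions; only ffdhe2048 is populated in the table, and the offsets for the other named groups should be copied from the RFC.

```python
"""Classify a TLS finite-field DH group as an RFC 7919 named group or an
explicit group, and apply the checks a client can afford in each case.

Added example; not code from the thread, RFC 7919, or any TLS stack.
"""
from functools import lru_cache

# RFC 7919 Appendix A builds every named prime from one template:
#   p = 2^b - 2^(b-64) + {floor(2^(b-130) * e) + offset} * 2^64 - 1,  g = 2,
# with q = (p-1)/2 prime (p is a "safe prime"). Only ffdhe2048 is listed
# here (offset 560316 from RFC 7919 A.1); the other four groups use the
# same template with their own offsets, to be taken from the RFC.
FFDHE_GROUPS = {"ffdhe2048": (2048, 560316)}
FFDHE_GENERATOR = 2


def floor_pow2_times_e(n, guard_bits=64):
    """Return floor(2^n * e) exactly.

    Sums the integer series 2^(n+guard) / k! with floor division. The
    accumulated truncation error is a few hundred at most, far below
    2^guard, so discarding the guard bits yields the exact floor.
    """
    total, term, k = 0, 1 << (n + guard_bits), 0
    while term:
        total += term
        k += 1
        term //= k
    return total >> guard_bits


@lru_cache(maxsize=None)
def ffdhe_prime(bits, offset):
    """Instantiate the RFC 7919 prime template for one named group."""
    middle = floor_pow2_times_e(bits - 130) + offset
    return (1 << bits) - (1 << (bits - 64)) + (middle << 64) - 1


_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, bases=_SMALL_PRIMES):
    """Miller-Rabin with fixed small bases (probabilistic at 2048 bits).

    This is the cost a client pays, twice, to validate an explicit group:
    a named group makes both tests unnecessary.
    """
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """True if p and (p-1)/2 are both (probable) primes."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def classify_group(p, g):
    """Return the RFC 7919 name for (p, g), or None for an explicit group."""
    if g != FFDHE_GENERATOR:
        return None
    for name, (bits, offset) in FFDHE_GROUPS.items():
        if p == ffdhe_prime(bits, offset):
            return name
    return None


def validate_server_group(p, g, min_bits=2048):
    """Decide whether to accept a server-chosen DH group; returns (ok, reason).

    Named groups are accepted by lookup. An explicit group (the case RFC 7919
    deliberately does not negotiate) is only accepted after the client has
    verified the modulus size and safe-primality itself.
    """
    name = classify_group(p, g)
    if name is not None:
        return True, f"named group {name}"
    if p.bit_length() < min_bits:
        return False, f"explicit group too small: {p.bit_length()} bits"
    if not is_safe_prime(p):
        return False, "explicit group modulus is not a safe prime"
    return True, "explicit safe-prime group accepted after primality testing"


def peer_public_value_ok(p, y):
    """Range and subgroup check for a peer's public value in a safe-prime group.

    Requires 1 < y < p-1 and y^q == 1 (mod p) with q = (p-1)/2, so y lies in
    the prime-order subgroup; this rejects 1, p-1 and every order-2q element.
    Knowing q in advance is exactly what a named group guarantees.
    """
    if not 1 < y < p - 1:
        return False
    return pow(y, (p - 1) // 2, p) == 1


if __name__ == "__main__":
    p = ffdhe_prime(*FFDHE_GROUPS["ffdhe2048"])
    print(hex(p >> 1920))  # top 128 bits; compare with RFC 7919 Appendix A.1
    print(validate_server_group(p, 2))
    print(validate_server_group(23, 2, min_bits=5))  # toy explicit safe prime
    print(validate_server_group(29, 2, min_bits=5))  # toy explicit non-safe prime
    print(peer_public_value_ok(p, p - 2))            # order-2q element, rejected
```

The lookup path costs one big-integer comparison per table entry, while the explicit-group path runs two 2048-bit Miller-Rabin tests and still cannot tell a client anything about how the server generated the group; that asymmetry is why the RFC negotiates names rather than parameters.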