Return-Path: <bmoeller@acm.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id A293F12DB31
 for <tls@ietfa.amsl.com>; Wed, 17 Aug 2016 09:50:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level: 
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_SOFTFAIL=0.665]
 autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id MaYp7lM0Nxy5 for <tls@ietfa.amsl.com>;
 Wed, 17 Aug 2016 09:50:04 -0700 (PDT)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.133])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id ECE2D12D685
 for <tls@ietf.org>; Wed, 17 Aug 2016 09:50:03 -0700 (PDT)
Received: from mail-wm0-f47.google.com ([74.125.82.47]) by
 mrelayeu.kundenserver.de (mreue005) with ESMTPSA (Nemesis) id
 0MKMb4-1bZVoC1MZy-001k0Y for <tls@ietf.org>; Wed, 17 Aug 2016 18:50:02 +0200
Received: by mail-wm0-f47.google.com with SMTP id i5so244225013wmg.0
 for <tls@ietf.org>; Wed, 17 Aug 2016 09:50:02 -0700 (PDT)
X-Gm-Message-State: AEkooutyd+lw3wesYU4lnUjxq08pWEyzoYvmREC78aejy0gW9FZtlyiS38OAOg+kEz89BcgdIdQtNW+Jspd4TQ==
X-Received: by 10.25.139.135 with SMTP id n129mr7088029lfd.111.1471452601838; 
 Wed, 17 Aug 2016 09:50:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.33.201 with HTTP; Wed, 17 Aug 2016 09:50:00 -0700 (PDT)
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>
References: <9A043F3CF02CD34C8E74AC1594475C73F4CF009C@uxcn10-5.UoA.auckland.ac.nz>
 <20160816145548.GQ4670@mournblade.imrryr.org>
 <9A043F3CF02CD34C8E74AC1594475C73F4CF1AC9@uxcn10-5.UoA.auckland.ac.nz>
From: Bodo Moeller <bmoeller@acm.org>
Date: Wed, 17 Aug 2016 09:50:00 -0700
X-Gmail-Original-Message-ID: <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
Message-ID: <CADMpkc+vbkWz_TQ2Ch5JfaVRPse4qeXPPitsBV=d2yDtSx4eLA@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary=001a113fc2f6a30a6c053a47418e
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/meYDdl30e_0VXTRNvlEo7wymNbw>
Subject: Re: [TLS] RFC 7919 on Negotiated Finite Field Diffie-Hellman
 Ephemeral Parameters for Transport Layer Security (TLS)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
 <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
 <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2016 16:50:06 -0000

--001a113fc2f6a30a6c053a47418e
Content-Type: text/plain; charset=UTF-8

Peter, so your complaint is about the lack of support for explicitly
specified (non-"named") groups? That's completely intentional, see the
RFC's abstract. (It *shouldn't* be that much of a problem that the server
might be using an ill-chosen group, because if the server does dumb things
we can't save it anyway. However, given all the complexities of the TLS
handshake, there's actually more that can fall apart if the group is bad.)

Bodo

--001a113fc2f6a30a6c053a47418e--

