Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

mrex@sap.com (Martin Rex) Mon, 16 September 2013 21:17 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E602511E81C8 for <tls@ietfa.amsl.com>; Mon, 16 Sep 2013 14:17:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.063
X-Spam-Level:
X-Spam-Status: No, score=-10.063 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NxF6KY8bEu6v for <tls@ietfa.amsl.com>; Mon, 16 Sep 2013 14:17:27 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 9073911E81BE for <tls@ietf.org>; Mon, 16 Sep 2013 14:17:27 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id r8GLHPqZ016735 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 16 Sep 2013 23:17:25 +0200 (MEST)
In-Reply-To: <52360658.7050203@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Mon, 16 Sep 2013 23:17:25 +0200 (CEST)
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130916211725.6E5E21A971@ld9781.wdf.sap.corp>
From: mrex@sap.com (Martin Rex)
X-SAP: out
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2013 21:17:33 -0000

Yaron Sheffer wrote:
> 
> Problem #1 goes away if we say that the server only sends 2048-bit DH 
> parameters to "new" clients (those that offer TLS 1.2), and assume these 
> can all deal with DH of any length. Our draft recommends a TLS 1.2-only 
> cipher suite anyway. And since new clients are still rare, this could work.
> 
> This partial solution is complicated by IE10, which (AFAIK) supports TLS 
> 1.2, but has this support off by default, and does not support larger 
> than 1024-bit DH.

IE10 is an awkward way to refer to an implementation.
What matters is what Microsoft's SChannel from the underlying OS supports.
And Microsoft seems to not support DHE with RSA
(only DHE_DSA, ECDHE_RSA and ECDHE_ECDSA).


Windows 7 & 2008R2 
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx 

Windows Vista & 2008:
http://msdn.microsoft.com/en-us/library/windows/desktop/ff468651%28v=vs.85%29.aspx

Windows XP & 2003
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380512%28v=vs.85%29.aspx



-Martin