Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 18 August 2021 12:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mp0rXxcIWHSLFQrR9Zy6Qqk36ZY>

David Benjamin <davidben@chromium.org> writes:

>RFC7919 tried to solve the problem but, by reusing the old cipher suites, it
>fails to solve the problem.

It didn't just not solve the problem, it made things worse: 7919 doesn't say
"I want to do DHE, if possible with these parameters", it says "I will only
accept DHE if you use these parameters, otherwise you cannot use DHE but must
drop back to RSA".  Because of this and other issues, a discussion on this
list in 2019 indicated that no-one was planning to implement it.

>We don't have a way to tell the server to only consider DHE ciphers if it
>would have used a group the client supports.

Why would that be an issue?  I know 7919 invents a bunch of reasons why this
could be a problem, but in practice you just connect and take what the server
gives you.  If you don't like it you can always choose not to connect, but
it's not like someone is going to rekey or rebuild the server if the client
says it doesn't like the DH group it's offering.

Given that everyone seems to have a different idea of what is and isn't a
problem and what does and doesn't need to be addressed, perhaps we first need
to define what we're trying to achieve...

Peter.
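As an added illustration (not part of Peter's post, and not RFC 7919's own text or code), a Python model of the negotiation rule under discussion: a server that sees FFDHE codepoints in the client's supported_groups but accepts none of them skips the DHE suites and falls back to a non-DHE suite, while a pre-7919 client gets DHE with whatever parameters the server has; the matching client-side check rejects a DHE group outside the list it offered. Cipher-suite names, the client and server offers, and the `CUSTOM_PARAMS` marker are constructed sample values.

```python
# Constructed model of the RFC 7919 negotiation rule; not code from the post.
# Group codepoints: 23 = secp256r1 (ECDHE), 256..511 = FFDHE range (RFC 7919).
FFDHE2048, FFDHE3072, SECP256R1 = 256, 257, 23
CUSTOM_PARAMS = "custom-p-and-g"   # server-chosen (pre-7919) DH parameters, constructed marker

def is_ffdhe(group):
    return 256 <= group <= 511      # any codepoint in the range counts, even if unknown

# Constructed sample offers (server list is in server preference order).
CLIENT_SUITES = ["DHE-RSA-AES128-GCM-SHA256", "RSA-AES128-GCM-SHA256"]
SERVER_SUITES = ["DHE-RSA-AES128-GCM-SHA256", "RSA-AES128-GCM-SHA256"]

def server_select(client_suites, client_groups, server_suites, server_ffdhe_groups):
    """Pick (suite, dh_group) as an RFC 7919 server would; dh_group is None for non-DHE."""
    offered_ffdhe = [g for g in client_groups if is_ffdhe(g)]
    if offered_ffdhe:
        # Client pinned its FFDHE list: DHE is allowed only with a group it offered.
        acceptable = [g for g in offered_ffdhe if g in server_ffdhe_groups]
        dhe_group = acceptable[0] if acceptable else None   # client preference order
    else:
        # Legacy client: server may use DHE with its own parameters.
        dhe_group = CUSTOM_PARAMS
    for suite in server_suites:
        if suite not in client_suites:
            continue
        if suite.startswith("DHE-"):
            if dhe_group is None:
                continue                    # the "drop back to RSA" case
            return suite, dhe_group
        return suite, None
    return None, None                       # nothing negotiable at all

def client_accepts(client_groups, server_dh_group):
    """A 7919 client rejects DHE with any group outside the FFDHE list it offered."""
    offered_ffdhe = [g for g in client_groups if is_ffdhe(g)]
    if not offered_ffdhe:
        return True                         # legacy client: no named-group constraint
    return server_dh_group in offered_ffdhe
```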