Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 18 August 2021 12:32 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: David Benjamin <davidben@chromium.org>, Filippo Valsorda <filippo@ml.filippo.io>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mp0rXxcIWHSLFQrR9Zy6Qqk36ZY>

David Benjamin <davidben@chromium.org> writes:

>RFC7919 tried to solve the problem but, by reusing the old cipher suites, it
>fails to solve the problem.

It didn't just not solve the problem, it made things worse: 7919 doesn't say
"I want to do DHE, if possible with these parameters", it says "I will only
accept DHE if you use these parameters, otherwise you cannot use DHE but must
drop back to RSA". Because of this and other issues, a discussion on this list
in 2019 indicated that no-one was planning to implement it.

>We don't have a way to tell the server to only consider DHE ciphers if it
>would have used a group the client supports.

Why would that be an issue? I know 7919 invents a bunch of reasons why this
could be a problem, but in practice you just connect and take what the server
gives you. If you don't like it you can always choose not to connect, but it's
not like someone is going to rekey or rebuild the server if the client says it
doesn't like the DH group it's offering.

Given that everyone seems to have a different idea of what is and isn't a
problem and what does and doesn't need to be addressed, perhaps we first need
to define what we're trying to achieve...

Peter.
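
The server-side selection rule of RFC 7919 (section 4) that the message above refers to, modelled as an added example; it is not part of the original message or of any TLS library. The function and variable names are hypothetical, and the model is simplified to DHE versus non-DHE suites chosen in server preference order.

```python
# Added illustration: simplified model of RFC 7919 section 4 server behaviour.
# All names here are hypothetical; nothing is taken from a real TLS stack.
FFDHE_NAMES = {256: "ffdhe2048", 257: "ffdhe3072", 258: "ffdhe4096",
               259: "ffdhe6144", 260: "ffdhe8192"}
FFDHE_RANGE = range(256, 512)  # codepoints RFC 7919 reserves for FFDHE groups

DHE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
RSA = "TLS_RSA_WITH_AES_128_GCM_SHA256"


def is_dhe(suite):
    return suite.startswith("TLS_DHE_")


def select_suite(client_suites, client_groups, server_suites, server_ffdhe):
    """Pick a cipher suite in server preference order.

    client_groups: codepoints from the client's Supported Groups extension.
    server_ffdhe:  named FFDHE groups the server can use; empty for a server
                   configured only with its own custom DH parameters.
    Returns (suite, dh_group), or (None, alert_name) when nothing is usable.
    """
    offered = [g for g in client_groups if g in FFDHE_RANGE]
    common = [g for g in offered if g in server_ffdhe]
    skipped_dhe = False
    for suite in server_suites:
        if suite not in client_suites:
            continue
        if not is_dhe(suite):
            return suite, None
        if not offered:
            # Client said nothing about FFDHE: pre-7919 behaviour, the server
            # sends whatever DH group it is configured with.
            return suite, "server-chosen"
        if common:
            return suite, FFDHE_NAMES.get(common[0], str(common[0]))
        # Client listed FFDHE groups and none match: the server must not
        # select a DHE suite, so keep looking for a non-DHE one.
        skipped_dhe = True
    return None, ("insufficient_security" if skipped_dhe else "handshake_failure")


if __name__ == "__main__":
    # Constructed inputs: 29 is x25519, 256/257 are ffdhe2048/ffdhe3072.
    print(select_suite([DHE, RSA], [29, 256, 257], [DHE, RSA], {257}))
    print(select_suite([DHE, RSA], [29, 256], [DHE, RSA], set()))  # custom group
    print(select_suite([DHE, RSA], [29], [DHE, RSA], set()))       # legacy client
```

The second call is the case the message describes: a server that holds only a custom DH group, faced with a client that lists FFDHE groups, ends up on the static RSA suite.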