Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 03 April 2015 21:16 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, IETF TLS Working Group <tls@ietf.org>
In-Reply-To: <551EFC9A.8070804@cs.tcd.ie>
References: <551B3415.5080105@cs.tcd.ie> <2D4BF0F9-E771-4E79-848F-11617E77A36C@ieca.com> <551ED3DD.8080409@cs.tcd.ie> <87wq1t9cnf.fsf@alice.fifthhorseman.net> <551EFC9A.8070804@cs.tcd.ie>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Fri, 03 Apr 2015 17:16:37 -0400
Message-ID: <87k2xsap56.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/nDOCII775PoFmcJ4rHHgJRymFk8>
Subject: Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08

On Fri 2015-04-03 16:48:26 -0400, Stephen Farrell wrote:
> It's not that I disagree with 'em, but I don't find them
> that compelling tbh. The best (to me) seems to be that
> additional usage in multiple protocols makes for a more
> attractive target. But the MODP groups are already used
> in TLS, and naming them in this way might reduce the
> likelihood that some implementation accepts groups without
> checking 'em.

The MODP groups are not explicitly used anywhere in the TLS specs
(though of course nothing prevents a TLS server from choosing to use one
of them).  Some of the MODP groups (with different generators in some
cases) are used in TLS SRP (this is not the standard FFDHE handshake),
but aiui, we're talking about killing off SRP anyway.

> (E.g. an updated client would have the code to check that a
> known-named group has been selected by the server, so might benefit
> even if the server hasn't been updated).

If it were already common practice to use strong MODP groups for FFDHE,
this might be a convincing argument.  But in the surveys i've seen, most
DHE implementations restrict themselves to 1024-bit FFDHE anyway,
possibly due to client incompatibility or lack of understanding of the
protocol.  Whether that's MODP 1024 or some other 1024-bit DHE group,
this is still too weak for most guarantees i'd like to see TLS be able
to make.

> However, let's proceed and please treat the above as just
> another last call comment. In this case, you've responded
> already so if nobody else wants to pursue the discussion
> then we'll be all set.

sounds good to me.  thanks for the review and the feedback, Stephen.

       --dkg
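The check Stephen describes, an updated client verifying that the server selected a known-named group, and dkg's point that 1024-bit FFDHE is too weak regardless of which group it is, combine naturally into one client-side policy. The following is an added example illustrating that policy; it is not code from this message, from the draft, or from any TLS implementation. It assumes the prime derivation formula and the X offset for ffdhe2048 given in RFC 7919 Appendix A, and that RFC 7919 assigns NamedGroup code point 256 to ffdhe2048; the 2048-bit floor and the sample "bad" parameters are constructed for the demonstration. Regenerating the prime from (b, X) and re-verifying it as a safe prime means the table of trusted groups is checked rather than pasted in as an opaque hex blob.

```python
"""Client-side check that the DH parameters a TLS server sent name a known
finite-field group of acceptable size.

Added example for the thread above; not code from the message, from the
draft, or from any TLS implementation.  Assumed: the prime derivation and
the X offset for ffdhe2048 follow RFC 7919 Appendix A, and NamedGroup 256 is
the code point RFC 7919 assigns to ffdhe2048.  Further groups would be added
to FFDHE_PARAMS the same way.
"""

# RFC 7919 Appendix A defines each prime as
#   p = 2^b - 2^(b-64) - 1 + 2^64 * ( floor(2^(b-130) * e) + X )
# so a group can be regenerated from (b, X) and verified instead of trusted
# as a pasted hex constant.  Only ffdhe2048 is listed (assumed X = 560316).
FFDHE_PARAMS = {
    "ffdhe2048": (2048, 560316, 256),   # (bit length b, offset X, NamedGroup code point)
}
MIN_FFDHE_BITS = 2048   # policy floor chosen for this example: 1024-bit groups are rejected


def e_fixed_point(nbits):
    """Return floor(e * 2^nbits), summing the series 1/k! with 64 guard bits."""
    guard = 64
    total, term, k = 0, 1 << (nbits + guard), 0
    while term:
        total += term
        k += 1
        term //= k          # next term: 2^(nbits+guard) / k!
    return total >> guard


def ffdhe_prime(bits, x):
    """Regenerate an RFC 7919 prime from its bit length b and offset X."""
    return ((1 << bits) - (1 << (bits - 64)) - 1
            + (1 << 64) * (e_fixed_point(bits - 130) + x))


def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases (deterministic for a given n)."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """p and (p-1)/2 both prime, as every ffdhe group requires."""
    return p % 4 == 3 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


_KNOWN = None


def known_groups():
    """Map prime -> (name, code point), regenerated and verified once."""
    global _KNOWN
    if _KNOWN is None:
        _KNOWN = {}
        for name, (bits, x, code) in FFDHE_PARAMS.items():
            p = ffdhe_prime(bits, x)
            if p.bit_length() != bits or not is_safe_prime(p):
                raise RuntimeError(f"{name} failed regeneration check")
            _KNOWN[p] = (name, code)
    return _KNOWN


def check_server_dh_params(p, g, min_bits=MIN_FFDHE_BITS):
    """Classify the (p, g) from a ServerKeyExchange: returns (accepted, detail)."""
    if p.bit_length() < min_bits:
        return False, f"prime is {p.bit_length()} bits, below the {min_bits}-bit floor"
    entry = known_groups().get(p)
    if entry is None:
        return False, "prime is not one of the named ffdhe groups"
    name, code = entry
    if g != 2:
        return False, f"{name} uses generator 2, server sent {g}"
    return True, f"{name} (NamedGroup {code})"


if __name__ == "__main__":
    good = ffdhe_prime(2048, 560316)
    weak = (1 << 1023) | 1           # constructed 1024-bit stand-in, not a real group
    unknown = good + 2               # right size, but not a named group
    for label, p, g in [("ffdhe2048", good, 2), ("1024-bit", weak, 2),
                        ("unknown 2048-bit", unknown, 2), ("ffdhe2048 g=5", good, 5)]:
        print(f"{label:>18}: {check_server_dh_params(p, g)}")
```

Rejecting by size first means a 1024-bit group is refused whether it is MODP 1024 or some server-specific prime, which is the substance of the reply above; the name lookup then only has to distinguish vetted groups from everything else of adequate size.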