Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
Yoav Nir <ynir.ietf@gmail.com> Tue, 04 November 2014 18:55 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78CC61ACD88 for <tls@ietfa.amsl.com>; Tue, 4 Nov 2014 10:55:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qY2Q3pJMm7nr for <tls@ietfa.amsl.com>; Tue, 4 Nov 2014 10:55:07 -0800 (PST)
Received: from mail-wg0-x236.google.com (mail-wg0-x236.google.com [IPv6:2a00:1450:400c:c00::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CA0F1ACD7F for <tls@ietf.org>; Tue, 4 Nov 2014 10:55:07 -0800 (PST)
Received: by mail-wg0-f54.google.com with SMTP id n12so8927174wgh.27 for <tls@ietf.org>; Tue, 04 Nov 2014 10:55:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LwIEuRFQ4NM+VxT76N6plekoNQtnd99vldbI1sb3ps4=; b=hF45tcG7ygUkctbc5oKhzK///JAteZjFKq9gAFOWQNGf/fMzbH+7c0ybW1XGdSjof2 FtViChWNEHrDcZjYUesz4Kfkk1zcZKLqEiHN3ZWZwajykfV9yR7wtJr1dSG0qB4joaN3 T+K/s75ZjVBMehdrzgPQcRHE0Fo+UN6i4uK8d3qUfqOCCKgpppj9sG27bi8rUULTvsDB edKCvu9XywPtMW6+dCRV8mvUhhz8Q4xDzFJMZUpjtCEQ/CKVfsCGbDeFbOArIclnt/WT 3IRTAe03GhaAASl2PBayyUBYRgP1ZGlYgccAIDNUF5pg0WAuH3atNQbSK5WVvXbKxuQq MWNA==
X-Received: by 10.194.63.79 with SMTP id e15mr19208845wjs.79.1415127305449; Tue, 04 Nov 2014 10:55:05 -0800 (PST)
Received: from [192.168.1.103] (IGLD-84-228-87-161.inter.net.il. [84.228.87.161]) by mx.google.com with ESMTPSA id wx3sm1480543wjc.19.2014.11.04.10.55.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 04 Nov 2014 10:55:05 -0800 (PST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
Date: Tue, 04 Nov 2014 20:55:02 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <2BBD35FD-9573-415F-AEAB-FAFF37BB0255@gmail.com>
References: <8E6B8F53-9E8C-46B2-A721-85E918576F3A@ieca.com>
To: Sean Turner <TurnerS@ieca.com>
X-Mailer: Apple Mail (2.1990.1)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/qCpHTusoPDQcoQGtlpiRi5p2oc4
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] STRAW POLL: Size of the Minimum FF DHE group
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 18:55:09 -0000
2048 I have very little use for FF DHE, but matching the strength of the certificates that are in use (and RSA 2048 is overwhelmingly more popular at this point than ECDSA or RSA with greater values). Yoav > On Nov 4, 2014, at 7:49 PM, Sean Turner <TurnerS@ieca.com> wrote: > > Hi! > > At the TLS Interim meeting in Paris, the WG discussed the FF DHE draft (https://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe/). The chairs would like to poll the WG on one of the issues in the draft namely the size of the minimum group. > > The draft currently includes a minimum group size of 2432 but the WG also discussed 2048. Groups smaller than 2048 were discounted for a standards track document as too weak for use but might be documented in a separate “historic” draft. To help us reach consensus on this point, please reply to this email indicating whether you favor a “2048" or “2432” minimum group size. Note we’re also looking to specify the smallest number of options for groups as is acceptable - i.e., we’re not looking at specifying both 2048 and 2432. > > Background: Regardless of whether you agree with what follows or not, the following has been put forward as the rationale. We don’t need comments on the rationale, we’re just providing it for background. > > 1) 3DES has a 112-bit work factor and is still considered acceptable in TLS 1.2 and the DLOG keying material shouldn’t be any weaker than the symmetric cipher. > > 2) There is some disagreement about the work factor for the DLOG keys - e.g., NIST says 112-bit work factor correlates to 2048-bit DLOG keys but ECRYPT-II says 112-bit work factor correlates to 2432-bit DLOG keys (see references in draft). > > 3) The other point made about 2048-bit DLOG is that it’s a power of 2 and there’s parity with the public key sizes. > > Cheers, > j&s > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] STRAW POLL: Size of the Minimum FF DHE group Sean Turner
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Martin Thomson
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Peter Gutmann
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Yoav Nir
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Manuel Pégourié-Gonnard
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Paul Hoffman
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Nikos Mavrogiannopoulos
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Stephen Checkoway
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Daniel Kahn Gillmor
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Nikos Mavrogiannopoulos
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Andrey Jivsov
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Martin Thomson
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Viktor Dukhovni
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Watson Ladd
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Russ Housley
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Hanno Böck
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Michael Sweet
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Manuel Pégourié-Gonnard
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Michael Sweet
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Bodo Moeller
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Manuel Pégourié-Gonnard
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Hubert Kario
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Daniel Kahn Gillmor
- Re: [TLS] STRAW POLL: Size of the Minimum FF DHE … Rene Struik
- [TLS] closing - Re: STRAW POLL: Size of the Minim… Sean Turner