Re: [TLS] Using Brainpool curves in TLS

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 19 October 2013 10:51 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E61FE11E819F for <tls@ietfa.amsl.com>; Sat, 19 Oct 2013 03:51:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FWBSZhkGkKsK for <tls@ietfa.amsl.com>; Sat, 19 Oct 2013 03:51:21 -0700 (PDT)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) by ietfa.amsl.com (Postfix) with ESMTP id 258F611E8164 for <tls@ietf.org>; Sat, 19 Oct 2013 03:51:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1382179879; x=1413715879; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=DS5RTuw78EKKAK4Rn2vJLM/yORdH74pEtEw5fbUD4fg=; b=AwY/a+7evHrmOdu9vELcvLa8SMVVRYnJoIsBUroIKGazK3qmJzKbGbGh G4h5U+DYR7hx3Rsa2y3JSb0CFPYdb9zhdU3uLMW9bNMIFjkY7S/5vtjh2 rjFW4h9vOp7Fx9CK4oR/LjiIE7hUmmAqi8V0Nod9NHm89XZjD5PSD0J6m c=;
X-IronPort-AV: E=Sophos;i="4.93,528,1378814400"; d="scan'208";a="218317725"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing
Received: from uxchange10-fe4.uoa.auckland.ac.nz ([130.216.4.171]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 19 Oct 2013 23:51:04 +1300
Received: from UXCN10-6.UoA.auckland.ac.nz ([169.254.10.152]) by uxchange10-fe4.UoA.auckland.ac.nz ([130.216.4.171]) with mapi id 14.03.0158.001; Sat, 19 Oct 2013 23:51:04 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>, Paul Bakker <p.j.bakker@offspark.com>
Thread-Topic: [TLS] Using Brainpool curves in TLS
Thread-Index: Ac7MuRrcCntznbKaQWC508EekXIjdw==
Date: Sat, 19 Oct 2013 10:51:03 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C735568E7D4@uxcn10-6.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] Using Brainpool curves in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Oct 2013 10:51:30 -0000

Paul Bakker <p.j.bakker@offspark.com>; writes:
> For now I've just put up a test server at:
> 141.138.204.107:4433
>
> Running PolarSSL 1.3.1 with Brainpool curves supported..

Works fine with cryptlib.

Just out of interest, how many other implementations noticed the major and
minor security issue when connecting to this server?  Curious to see how much
checking gets done...

Peter.