Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Patrick Pelletier <code@funwithsoftware.org> Mon, 23 September 2013 04:27 UTC

Message-ID: <523FC31D.2040708@funwithsoftware.org>
Date: Sun, 22 Sep 2013 21:27:09 -0700
From: Patrick Pelletier <code@funwithsoftware.org>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C735567407D@uxcn10-6.UoA.auckland.ac.nz> <A3161699-0975-403C-B9C1-8BE548062949@mac.com> <523DCC5D.9040707@pobox.com> <523E2F56.9040307@funwithsoftware.org> <3E26A3FE-2491-4D48-BBE9-A11B995CD28D@checkpoint.com> <523E815E.8080902@gmail.com>
In-Reply-To: <523E815E.8080902@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On 9/21/13 10:34 PM, Yaron Sheffer wrote:
> It's not "only" Java, it's Windows (Internet Explorer), too. See
> http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html,
> last paragraph.

Yes, that's one of the sources I've been using, but I guess I'm 
interpreting it differently than you are.  My reading is based on the 
last sentence of that last paragraph, "IE does not support DHE in 
combination with RSA, and will never negotiate a DHE suite, anyway."

So, my interpretation is that the 1024-bit limit only applies to DSS in 
IE.  Since IE doesn't support DHE_RSA, the 1024-bit limit doesn't matter 
there.  So yes, that means you can't actually use DHE_RSA with Internet 
Explorer (regardless of bit length), but the important point is that it 
doesn't hurt for the server to support DHE_RSA, since IE won't offer it. 
This is in contrast to the Java situation, where Java will offer 
DHE_RSA, the server will choose it, and then Java will bail because it 
doesn't support the DH length.  This results in a failed handshake, 
while the Windows situation doesn't.

--Patrick
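The negotiation described in the message above, written out as a small model (added example, not code from the thread or from any TLS implementation). The client profiles are constructed assumptions taken from the message: "IE" never offers a DHE_RSA suite, "Java" offers DHE_RSA but aborts when the server's DH prime is larger than 1024 bits, and "modern" accepts any size. Suite names are placeholders, not real cipher-suite identifiers.

```python
"""Model of TLS cipher-suite selection with per-client DH prime limits.

The server picks the first suite in its own preference order that the
client also offered (server-preferred ordering). If that suite is a DHE
suite, the client then inspects the DH prime in ServerKeyExchange and
aborts the handshake when the prime exceeds its limit. Client profiles
below are constructed from the thread's description, not measured data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Client:
    name: str
    offered: List[str]               # cipher suites listed in ClientHello
    max_dh_bits: Optional[int] = None  # None: accepts any DH prime size


@dataclass
class Server:
    preference: List[str]            # server's cipher-suite preference order
    dh_bits: int                     # size of the DH prime it sends


def negotiate(client: Client, server: Server) -> Tuple[str, Optional[str]]:
    """Return ('ok', suite), ('failed', reason) or ('no_common_suite', None)."""
    common = [s for s in server.preference if s in client.offered]
    if not common:
        return ("no_common_suite", None)
    suite = common[0]
    if suite.startswith("DHE_"):
        # The DH prime only matters once a DHE suite has actually been chosen.
        if client.max_dh_bits is not None and server.dh_bits > client.max_dh_bits:
            return ("failed",
                    f"{client.name} rejects a {server.dh_bits}-bit DH prime "
                    f"(limit {client.max_dh_bits})")
    return ("ok", suite)


# Constructed client profiles (assumptions drawn from the message, placeholder suite names).
IE = Client("IE", ["RSA_AES128", "DHE_DSS_AES128"])             # never offers DHE_RSA
JAVA = Client("Java", ["DHE_RSA_AES128", "RSA_AES128"], 1024)    # offers DHE_RSA, 1024-bit cap
MODERN = Client("modern", ["DHE_RSA_AES128", "RSA_AES128"])      # no cap

DHE_FIRST = ["DHE_RSA_AES128", "RSA_AES128"]


def outcomes(server: Server, clients=(IE, JAVA, MODERN)) -> dict:
    """Negotiation result for every client profile against one server config."""
    return {c.name: negotiate(c, server) for c in clients}


def safe_dh_bits(preference: List[str], clients,
                 candidates=(1024, 2048, 3072, 4096)) -> Optional[int]:
    """Largest candidate DH size at which no client in the population fails.

    Shows which client population actually constrains the server: a client
    that never offers DHE_RSA (IE) imposes no limit, a client that offers it
    and then rejects large primes (Java) does.
    """
    usable = [bits for bits in candidates
              if all(negotiate(c, Server(preference, bits))[0] != "failed"
                     for c in clients)]
    return max(usable) if usable else None


if __name__ == "__main__":
    for name, result in outcomes(Server(DHE_FIRST, dh_bits=2048)).items():
        print(f"{name:7s} -> {result}")
    print("with Java present:", safe_dh_bits(DHE_FIRST, (IE, JAVA, MODERN)))
    print("without Java:     ", safe_dh_bits(DHE_FIRST, (IE, MODERN)))
```

Running the model against a server that prefers DHE_RSA with a 2048-bit prime reproduces the thread's point: IE quietly ends up on the RSA suite, the Java profile fails the handshake, and only the Java profile pulls the largest failure-free DH size down to 1024.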