Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt

Tony Arcieri <bascule@gmail.com> Mon, 01 June 2015 23:02 UTC

Alternative suggestion: DHE diediedie

Is there really a compelling reason to keep it around? I expect the
response is going to be "What if there's some catastrophic failure of ECC?"
but if that really happens, can't we just temporarily forego forward
secrecy rather than further complecting TLS with a backup we probably won't
need?

On Mon, Jun 1, 2015 at 3:50 PM, <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>  This draft is a work item of the Transport Layer Security Working Group
> of the IETF.
>
>         Title           : Negotiated Finite Field Diffie-Hellman Ephemeral
> Parameters for TLS
>         Author          : Daniel Kahn Gillmor
>         Filename        : draft-ietf-tls-negotiated-ff-dhe-10.txt
>         Pages           : 26
>         Date            : 2015-06-01
>
> Abstract:
>    Traditional finite-field-based Diffie-Hellman (DH) key exchange
>    during the TLS handshake suffers from a number of security,
>    interoperability, and efficiency shortcomings.  These shortcomings
>    arise from lack of clarity about which DH group parameters TLS
>    servers should offer and clients should accept.  This document offers
>    a solution to these shortcomings for compatible peers by using a
>    section of the TLS "EC Named Curve Registry" to establish common
>    finite-field DH parameters with known structure and a mechanism for
>    peers to negotiate support for these groups.
>
>    This draft updates TLS versions 1.0 [RFC2246], 1.1 [RFC4346], and 1.2
>    [RFC5246], as well as the TLS ECC extensions [RFC4492].
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-10
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-negotiated-ff-dhe-10
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>



-- 
Tony Arcieri