Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Ralph Holz <holz@net.in.tum.de> Tue, 17 September 2013 13:38 UTC


Hi,

> To get DHE-2048, we'd need to patch Apache, change Windows, get
> everyone to use the new Windows, probably some more I forgot.
> 
> To get ECDH we need to change a compilation option of RedHat (and
> probably some other distributions).
> 
> I think the choice is pretty much a no-brainer.

I do think we should mention DHE-2048. It's the classic, well-understood
concept. I take a very conservative POV here, but ECC is younger and
less tested. Add to that the NSA speculations.

You're right about the Apaches, but Windows users, I think, should not
be too much of a problem once Microsoft decides to enable DHE-2048 and
push it out with their update mechanism.

> And if you're worried about NIST curves, there are people pushing
> brainpool and other curves on the TLS list.

Brainpool and/or djb's curves will take some time for adaption, too,
especially for secure implementations. Another reason to mention the
classic DHE alternative.

Ralph

-- 
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF