Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Ralph Holz <> Tue, 17 September 2013 13:38 UTC

List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>


> To get DHE-2048, we'd need to patch Apache, change Windows, get
> everyone to use the new Windows, probably some more I forgot.
> To get ECDH we need to change a compilation option of RedHat (and
> probably some other distributions).
> I think the choice is pretty much a no-brainer.

I do think we should mention DHE-2048. It's the classic, well-understood
concept. I take a very conservative POV here, but ECC is younger and
less tested. Add to that the NSA speculations.

You're right about the Apaches, but Windows users, I think, should not
be too much of a problem once Microsoft decides to enable DHE-2048 and
push it out with their update mechanism.

> And if you're worried about NIST curves, there are people pushing
> brainpool and other curves on the TLS list.

Brainpool and/or djb's curves will take some time for adoption, too,
especially for secure implementations. Another reason to mention the
classic DHE alternative.


Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
Phone +
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF
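The thread argues about how hard it is to deploy "DHE-2048" in practice. What that label actually demands of a server's parameters is concrete and checkable: a prime modulus of at least 2048 bits that is a safe prime (p = 2q + 1 with q also prime), so the group has the subgroup structure the classic security analysis assumes. The following checker is an added example written for this page, not code from the original post, the TLS working group or any project mentioned above. It assumes the 2048-bit MODP prime from RFC 3526 (group 14) as its sample input; that constant is transcribed here and should be verified against the RFC before being relied on. The primality test is a textbook probabilistic Miller-Rabin, not a library call.

```python
"""Check whether a Diffie-Hellman modulus meets a conservative "DHE-2048" bar:
at least 2048 bits, prime, and a safe prime (p = 2q + 1 with q prime)."""
import random

# Sample input for this example: the 2048-bit MODP group prime from RFC 3526
# (group 14), transcribed by hand. Verify against the RFC before relying on it.
RFC3526_GROUP14_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test.

    Probabilistic: a composite survives all rounds with probability
    below 4**-rounds. Small primes are handled by table lookup and trial
    division so the random-base loop only runs for n > 37.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    # Write n - 1 as d * 2**r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            # No square reached n - 1: a is a witness that n is composite.
            return False
    return True


def check_dh_prime(p, min_bits=2048):
    """Classify a DH modulus: 'too short', 'not prime', 'not a safe prime'
    or 'ok'. min_bits is a parameter so the logic can be exercised on
    small test values; 2048 is the bar discussed in the thread."""
    if p.bit_length() < min_bits:
        return "too short"
    if not is_probable_prime(p):
        return "not prime"
    if not is_probable_prime((p - 1) // 2):
        return "not a safe prime"
    return "ok"


def rfc3526_group14():
    """Parse the transcribed hex constant into an integer."""
    return int("".join(RFC3526_GROUP14_HEX.split()), 16)


if __name__ == "__main__":
    p = rfc3526_group14()
    print(p.bit_length(), "bits:", check_dh_prime(p))
```

Run it as a script and it reports the bit length and verdict for the RFC 3526 group; point check_dh_prime at a modulus pulled from a server's DH parameters to apply the same bar there. Note that the bit-length check alone is what most deployment discussions mean by "2048", while the safe-prime check is the part that catches parameters generated carelessly.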