Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
Alfred Hönes <ah@tr-sys.de> Fri, 03 October 2008 18:45 UTC
From: Alfred Hönes <ah@tr-sys.de>
Message-Id: <200810031844.UAA15155@TR-Sys.de>
To: Mark_Tillinghast@symantec.com, tls@ietf.org
Date: Fri, 03 Oct 2008 20:44:18 +0200
Subject: Re: [TLS] New version of draft-ietf-tls-ecdhe-psk after the WGLC
At Thu, 2 Oct 2008 12:13:39 -0700, Mark Tillinghast wrote:
>
> I would like to remove the SHA-1 stuff completely.
> Compatibility with SHA-1 is anathema to me.
>
> Mark

Mark,
could you please explain why this argument has not been raised during WGLC, when the draft *only* contained backwards compatible cipher suites that could also be supported in previous versions of TLS that lack support of SHA-2?

The draft was intended to complement RFC 4279 and RFC 4785 in an equivalent manner with the ECC [1] based key exchanges from RFC 4492, and as such had been adopted as a WG work item.

And why have similar arguments not been raised before the publication of RFC 5246 and other recent documents? If I understand your reasoning, consequently TLS 1.2 ought to have deprecated all pre-existent TLS cipher suites using SHA-1 and covered by that document, as should have RFC 5288 and 5289 for the respectively related earlier cipher suites. Did you mean that?

I am posting this message because, if I recall correctly, the recent additions are based on a question I had raised during WGLC, which triggered a discussion thread. This would perhaps have been the proper time to make your voice audible.

As a follow-up, the TLS session in Dublin has consented to solicit an update of the draft taking the WGLC comments into proper consideration, and to then forward it to the IESG. The first step has been done. The author has judged to include the SHA-2 cipher suites taking into account that, after the draft had been delayed by a busy working group until TLS 1.2 had been completed, this would now be a commensurate step forward.

Reading the diffs I cannot see that the updated draft violates the rough consensus achieved at WGLC. The additions look clearly structured and follow the spirit of the previous versions in a straightforward manner.

I am not aware of any recent striking developments in cryptanalysis since the WGLC that would necessitate an immediate fundamental reconsideration. The NIST reportedly intends to support SHA-1 for more than two years to come. The primary use of it here anyway is within HMAC -- and that's commonly still considered not being attacked successfully.

Other IETF WGs currently even hesitate to remove MD-2 and MD-5 from document updates in progress, because they want to leave the decision to the deployment and the applications using their specifications. Equally, the PSK cipher suites are targeted at managed environments that should be able to make educated decisions on which cryptographic strength they need.

Mark, therefore I kindly ask you to study the "Working Group Guidelines and Procedures" (BCP 25, RFC 2418) before you try to disrupt these procedures.

Thanks.

Kind regards,
  Alfred.

--
P.S.:
[1] An interesting (less technical) reading about the development and the socialization of ECC can be found in a recent research paper from two of the 'cradles of ECC':
    A. H. Koblitz, N. Koblitz & A. Menezes;
    "Elliptic Curve Cryptography: The Serpentine Course of a Paradigm Shift";
    Univ. of Washington / Univ. of Waterloo; Aug 2008, revised Sep 2008
    available at: <http://www.cacr.math.uwaterloo.ca/techreports/2008/cacr2008-19.pdf>
    Have a nice reading!
    { The authors must also have visited IETF meetings and followed WG discussions. :-) }
    If in a hurry, skip to Section 13 and look into the mirror. :-)

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+