Re: [TLS] draft-ietf-tls-rfc4346-04 available
"Yngve Nysaeter Pettersen" <yngve@opera.com> Tue, 24 July 2007 15:24 UTC
Date: Tue, 24 Jul 2007 17:25:00 +0200
To: Eric Rescorla <ekr@networkresonance.com>, tls@ietf.org
Subject: Re: [TLS] draft-ietf-tls-rfc4346-04 available
From: Yngve Nysaeter Pettersen <yngve@opera.com>
Organization: Opera Software

On Sun, 08 Jul 2007 16:50:51 +0200, Eric Rescorla <ekr@networkresonance.com> wrote:

> I just submitted draft-ietf-tls-rfc4346-04.
>
> Until it's in the repository, you can find it at:
> https://svn.resiprocate.org/rep/ietf-drafts/ekr/tls/tls.txt
>
> The changes are:
>
> - Added some guidance about checking DH groups and exponents.
>   [Issues 15 and 43]

I think this:

   "The client SHOULD also verify that the DH public exponent appears to be of adequate size."

ought to be worded stronger, perhaps something like

   "The client SHOULD also verify that the DH public exponent is of equivalent cryptographic strength as the key used to sign the public key."

(Yesterday there were two reports to Opera about such weak keys at Hushmail)

This might also be phrased in a way that allows it to apply to other temporary key methods, as well.

Perhaps there should be some advice on what a client should do in case the key is considered too weak?

My suggestion would be that the client should renegotiate with the ephemeral ciphersuites less preferred than non-ephemeral ciphersuites. The drawback is that this will make the negotiation process more complicated.

Another possibility would be to send the insufficient_security alert as a warning (which would require redefining the alert) even if the connection is accepted.

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
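
A client-side check of the kind discussed in the message above, as an added example that is not part of the original e-mail or of the draft. It parses the ServerDHParams structure (dh_p, dh_g, dh_Ys) and, as an assumption made here, reads "equivalent cryptographic strength" as "the DH modulus is at least as long as the RSA signing key"; the function names and sample values are constructed for illustration.

```python
import struct

def parse_server_dh_params(buf):
    """Parse TLS ServerDHParams: dh_p, dh_g, dh_Ys, each opaque<1..2^16-1>."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(buf):
            raise ValueError("truncated length prefix for " + name)
        (n,) = struct.unpack_from("!H", buf, off)
        off += 2
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length for " + name)
        values.append(int.from_bytes(buf[off:off + n], "big"))
        off += n
    return tuple(values)

def check_dh_strength(params, signing_key_bits):
    """Return a list of findings; an empty list means the checks passed.

    Assumption (not from the draft): "equivalent strength" is taken to mean
    the DH modulus is at least as long as the RSA key that signed it.
    """
    p, g, ys = parse_server_dh_params(params)
    findings = []
    if p.bit_length() < signing_key_bits:
        findings.append("dh_p is %d bits, signing key is %d bits"
                        % (p.bit_length(), signing_key_bits))
    if not 1 < g < p - 1:
        findings.append("dh_g outside 2..p-2")
    if not 1 < ys < p - 1:
        findings.append("dh_Ys outside 2..p-2")
    return findings

def encode_params(p, g, ys):
    """Build a ServerDHParams blob for the constructed samples below."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample values (sizes only; dh_p is not checked for primality).
WEAK = encode_params((1 << 511) + 111, 2, 1 << 300)
OK = encode_params((1 << 1023) + 1155, 2, 1 << 700)

if __name__ == "__main__":
    for label, blob in (("512-bit group", WEAK), ("1024-bit group", OK)):
        print(label, check_dh_strength(blob, 1024) or "ok")
```

What the client does with a non-empty result (renegotiate, warn, or abort) is the open question the message raises and is left to the caller.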