Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security

John Mattsson <john.mattsson@ericsson.com> Mon, 12 October 2015 17:08 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/szweKVTvIAm4lXWmXZUsIEeqLNs>

Yes, my fault.

From: Quynh Dang <quynh97@gmail.com>
Date: Monday 12 October 2015 19:02
To: John Mattsson2 <john.mattsson@ericsson.com>
Cc: "TLS@ietf.org" <TLS@ietf.org>, Sean Turner <sean@sn3rd.com>
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security


Hi John,

Sha384 in the ciphersuite is the hash function to be used in hmac, not signatures, and the security of this hmac depends on the strength of the hmac key and the tag size.

Regards,
Quynh.

On Oct 12, 2015 12:50 PM, "John Mattsson" <john.mattsson@ericsson.com> wrote:
The statement in [1] is about AES, and is very true. AES-192 is very seldom
used, and people tend to jump directly to AES-256.

For ECC curves, the opposite is true, people tend to use P-384 instead of
P-521. Most likely because P-384 is used in suite B. According to
[2], Google Chrome recently dropped support of P-521.

[2] https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility



The security level of the AES_256_GCM_SHA384-algorithms is clearly no more
than 192 as SHA-384 is used.

On 12/10/15 15:18, "Sean Turner" <sean@sn3rd.com> wrote:

>It is interesting to note that in discussing the update of IPSec’s RFC 4307
>somebody suggested making 192 a MAY because folks only use 128/256 [1].
>
>spt
>
>[1] http://mailarchive.ietf.org/arch/msg/ipsec/1F5h4j-dP5dLPCCAqg4iqgjjYFE
>
>On Oct 12, 2015, at 05:01, John Mattsson <john.mattsson@ericsson.com> wrote:
>
>> I think the selection of MTI Cipher Suites (Section 8.1 of
>>draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended
>>ECC curve for the “SHOULD” cipher suites. Little benefit of using
>>AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement
>>ECC curve giving at least 192-bit security? E.g.
>>
>> "These cipher suites SHOULD support both digital signatures and key
>>exchange with secp384r1 (NIST P-384)."
>>
>> Cheers,
>> John
>>
>> JOHN MATTSSON
>> MSc Engineering Physics, MSc Business Administration and Economics
>> Ericsson IETF Security Coordinator
>> Senior Researcher, Security
>>
>> Ericsson AB
>> Ericsson Research
>> Färögatan 6
>> SE-164 80 Stockholm, Sweden
>> Phone +46 10 71 43 501
>> SMS/MMS +46 76 11 53 501
>> john.mattsson@ericsson.com
>> www.ericsson.com
>>
>> This Communication is Confidential. We only send and receive email on
>>the basis of the terms set out at www.ericsson.com/email_disclaimer
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
