Re: [TLS] security levels for TLS
Mike <mike-list@pobox.com> Fri, 12 October 2007 21:41 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgSFo-00073J-Ni; Fri, 12 Oct 2007 17:41:08 -0400
Received: from tls by megatron.ietf.org with local (Exim 4.43) id 1IgSFn-000733-Dd for tls-confirm+ok@megatron.ietf.org; Fri, 12 Oct 2007 17:41:07 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IgSFn-00070W-3y for tls@lists.ietf.org; Fri, 12 Oct 2007 17:41:07 -0400
Received: from sceptre.pobox.com ([207.106.133.20]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IgSFW-0005sk-O1 for tls@lists.ietf.org; Fri, 12 Oct 2007 17:40:56 -0400
Received: from sceptre (localhost.localdomain [127.0.0.1]) by sceptre.pobox.com (Postfix) with ESMTP id 1A7A02EF for <tls@lists.ietf.org>; Fri, 12 Oct 2007 17:40:24 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id D954A89367 for <tls@lists.ietf.org>; Fri, 12 Oct 2007 17:40:23 -0400 (EDT)
Message-ID: <470FEA1F.7030500@pobox.com>
Date: Fri, 12 Oct 2007 14:41:51 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: tls@lists.ietf.org
Subject: Re: [TLS] security levels for TLS
References: <c331d99a0710080621g7c0ec91et35c46553c23f4402@mail.gmail.com> <p0624082fc331b0ed0ecc@[192.168.1.100]> <FA998122A677CF4390C1E291BFCF59890849871E@EXCH.missi.ncsc.mil> <470D0243.3050009@pobox.com> <20071010180324.7ABC533C21@delta.rtfm.com> <470E4399.3010008@pobox.com> <20071011155829.965C733C28@delta.rtfm.com> <470EF76B.5050102@pobox.com> <20071012045718.DE16033C21@delta.rtfm.com> <470FB525.7010308@pobox.com> <20071012180445.1D22D33C21@delta.rtfm.com> <470FC52E.6080707@pobox.com> <p06240828c3357a914a76@[192.168.1.3]>
In-Reply-To: <p06240828c3357a914a76@[192.168.1.3]>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 82c9bddb247d9ba4471160a9a865a5f3
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
>> How long do you think it would take >> to add this extension to a TLS toolkit? In my own code, I could >> probably do it in less than a day, with time left over to get in a >> round of 18 holes. > > No doubt. Of what positive and negative value would such code be? Positives: - this would allow a server to maintain multiple sets of keys and certificate chains of varying cryptographic strength; clients with differing requirements could ask for the level they desire, instead of being stuck with the lowest common denominator - a server could support multiple sets of Diffie-Hellman parameters, such as all of the groups in RFC 3526; a client could choose the parameters rather than being forced to accept the server's default (which is probably chosen more for performance than security) - knowing exactly what the client is looking for helps the server select the appropriate cipher suite without the need for the client to renegotiate the connection; for example, if the server only supports 1024-bit DH parameters, and the client asks for 1536-bit, the server can skip past the DHE_* cipher suites and select maybe an RSA-based cipher suite that the client would accept - this mechanism would give power to the client that it currently doesn't have, to directly influence the crypto- graphic strength of the connection beyond simply listing acceptable cipher suites - hash agility (or now signature algorithm agility) is being added to TLS; this is cryptographic strength agility - a client is free to develop its own security profiles; no "standard" profiles would be defined - a server can keep statistics on the values it receives, allowing an administrator to know when it would make sense to add support for longer keys, based on actual demand Negatives: - effort is needed to write a specification and approve it - a server may not support the extension, so a client may have to implement an inefficient renegotiation scheme in addition anyway - Eric doesn't like it ;-) - Others? > Confusing and/or giving users false senses of security are definitely > negative. Fully agreed. I don't see how this would be confusing or give a false sense of security. The client still has to check that the requested key lengths (and other parameters it cares about) are satisfied in the negotiated session. Mike _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Yngve Nysaeter Pettersen
- Re: [TLS] security levels for TLS Paul Hoffman
- RE: [TLS] security levels for TLS Kemp, David P.
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Steven M. Bellovin
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Paul Hoffman
- Re: [TLS] security levels for TLS Nikos Mavrogiannopoulos
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Nicolas Williams
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Mike
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Eric Rescorla
- Re: [TLS] security levels for TLS Paul Hoffman