Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-02.txt

Geoffrey Keating <geoffk@geoffk.org> Fri, 24 October 2014 20:14 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/tqg4dPC5jPQ3c6l3EaX74Y6tQEY

Peter Gutmann <pgut001@cs.auckland.ac.nz> writes:

> Alyssa Rowan <akr@akr.io> writes:
> 
> >No, it's blessing them even to list them. People will probably implement what
> >we specify.
> 
> So put in a note saying that use isn't recommended.  This isn't a bunch of
> Windows PCs with automatic update turned on, it's unknown millions of embedded
> devices whose firmware is updated when the device falls apart and gets
> replaced, and for which you may get away with a small tweak from time to time
> but can't do any significant re-engineering once it's type-approved ("it
> works, don't touch it any more").

As a rule, devices whose firmware isn't/won't/can't be updated, won't
implement any new RFC, including this one.  So we are writing this RFC
for devices whose firmware will be updated and which are willing to
adopt 21st century technologies like ECDH or 2048-bit DH.

(And, for the record, I think it's insane to be even considering
standardising anything to do with 768-bit DH other than MUST NOT use
it!)