IETF Logo Mail Archive

Re: [TLS] Short Ephermal Diffie-Hellman keys

Dr Stephen Henson <lists@drh-consultancy.demon.co.uk> Tue, 15 May 2007 15:34 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hnz2Z-0003kC-Nq; Tue, 15 May 2007 11:34:19 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hnz2Y-0003k4-NT for tls@lists.ietf.org; Tue, 15 May 2007 11:34:18 -0400
Received: from anchor-post-31.mail.demon.net ([194.217.242.89]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hnz2V-0002jm-CY for tls@lists.ietf.org; Tue, 15 May 2007 11:34:18 -0400
Received: from drh-consultancy.demon.co.uk ([80.177.30.10] helo=[192.168.7.2]) by anchor-post-31.mail.demon.net with esmtp (Exim 4.42) id 1Hnz2A-000HYc-3J for tls@lists.ietf.org; Tue, 15 May 2007 15:33:56 +0000
Message-ID: <4649D2FD.2020309@drh-consultancy.demon.co.uk>
Date: Tue, 15 May 2007 16:34:21 +0100
From: Dr Stephen Henson <lists@drh-consultancy.demon.co.uk>
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: tls@lists.ietf.org
Subject: Re: [TLS] Short Ephermal Diffie-Hellman keys
References: <op.tsa3n9ttqrq7tp@nimisha.oslo.opera.com> <4648AEA2.3020506@bolyard.com> <20070515130804.GA15682@tau.invalid>
In-Reply-To: <20070515130804.GA15682@tau.invalid>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Bodo Moeller wrote:
> 
> It's only shorter secret values (DH exponents) that can be used in a
> secure way.  But then the client coudn't easily reject these anyway.
> 

Speaking of which what do people think about including the sub prime
value (aka "q") as an optional value in DH parameters in a TLS 1.2
handshake?

Steve.
-- 
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email