Re: [TLS] TLS 1.2 draft
Martin Rex <martin.rex@sap.com> Tue, 06 March 2007 17:41 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOdfX-0001Vs-Bn; Tue, 06 Mar 2007 12:41:47 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOdfW-0001Vm-D5 for tls@ietf.org; Tue, 06 Mar 2007 12:41:46 -0500
Received: from smtpde02.sap-ag.de ([155.56.68.170]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HOdfU-0002e6-0w for tls@ietf.org; Tue, 06 Mar 2007 12:41:46 -0500
Received: from sap-ag.de (smtpde02) by smtpde02.sap-ag.de (out) with ESMTP id SAA23872; Tue, 6 Mar 2007 18:41:36 +0100 (MEZ)
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200703061740.SAA00305@uw1048.wdf.sap.corp>
Subject: Re: [TLS] TLS 1.2 draft
To: ekr@networkresonance.com
Date: Tue, 06 Mar 2007 18:40:46 +0100
In-Reply-To: <86abyq2soa.fsf@delta.rtfm.com> from "EKR" at Mar 6, 7 09:22:29 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-SAP: out
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
EKR wrote: > > Martin Rex <martin.rex@sap.com> writes: > > > EKR wrote: > >> > >> - Remove ephemeral RSA [issue 3] > > > > This makes me sad. > > > > I would have SIGNIFICANTLY preferred if temporary/ephemeral RSA > > had been retained and the restriction to the RSA_EXPORT ciphersuites > > had been removed instead. > > > > As I had previously explained, the use of temporary/ephemeral RSA > > with same-strength keys as the server's certificate would make > > key-stealing of the servers' key much less useful for passive > > attacks. > > The recommendation is to use RSA/DHE for these applications. Can > you explain why you think ephemeral RSA is superior? The Server's RSA key is typically used for at least one year (or longer if renewal just extends the cert lifetime and keeps the key/keypair). If an attacker gets hold of the Servers private RSA key, he can passively monitor (decrypt) all sessions using a RSA-based ciphersuite. When a temporary/ephemeral keypair is used for key exchange, then possession of the private RSA key will not be sufficient to passively monitor (decrypt) SSL sessions with the server using an RSA ciphersuite with a temporary/ephemeral keypair. It will require an active (MITM) attack. -Martin _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Nelson B Bolyard
- Re: [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Nelson B Bolyard
- [TLS] Re: TLS 1.2 draft Simon Josefsson
- RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Pasi.Eronen
- Re: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Mike
- Re: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… EKR
- Re: [TLS] Re: TLS 1.2 draft Wan-Teh Chang
- Re: [TLS] TLS 1.2 draft Martin Rex
- Re: [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Martin Rex
- Re: [TLS] TLS 1.2 draft Eric Rescorla
- Re: [TLS] TLS 1.2 draft Dr Stephen Henson
- Re: [TLS] Re: TLS 1.2 draft Dr Stephen Henson
- [TLS] Re: TLS 1.2 draft Simon Josefsson
- Re: [TLS] Re: TLS 1.2 draft Steven M. Bellovin
- RE: [TLS] TLS 1.2 draft Pasi.Eronen
- RE: [TLS] Re: TLS 1.2 draft Pasi.Eronen
- Re: [TLS] Re: TLS 1.2 draft Martin Rex
- RE: [TLS] Re: TLS 1.2 draft Pasi.Eronen
- RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Pasi.Eronen
- Re: [TLS] Re: TLS 1.2 draft Wan-Teh Chang
- [TLS] Re: TLS 1.2 draft EKR