Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08

Hi all,

So I've gotten responses for both issues, and will now start
the IETF LC. Please comment as part of that if you think there's
something more to be done.

Cheers,
S.

On 01/04/15 00:56, Stephen Farrell wrote:
> 
> Hiya,
> 
> I've done my AD review of this, and it's very good. I have
> two questions I'd like to check on before starting IETF
> last call. If the answers are already in the list archive,
> then just pointing there is entirely fine. If not, well,
> they're not such hard questions:-)
> 
> #1 Have we tested in the wild that using elliptic_curves (10)
> in the ClientHello won't trigger some ECC code that causes
> handshakes to barf?
> 
> #2 I've never quite gotten the reasoning behind not giving
> any names to any of the RFC3526 curves and I think that
> question deserves an answer (to be in the list archive).
> So - why not?
> 
> Cheers,
> S.
> 
> PS: I also have a bunch of nitty nits, feel free to handle
> those however is best.
> 
> - intro: What is "Traditional TLS"? Ye olde something or
> other? :-)
> 
> - intro: "p > 1024 bits" is fine by me but better would be
> to say "p is longer than 1024 bits"
> 
> - s3, 2nd para: I suggest a para break before you get to the
> bit about both ECC and DHE.
> 
> - s3, 3rd para: what is the "these" in here? This reads a
> bit oddly.
> 
> - 5.1: "public key" is less common than "public value" I
> think, when talking about DH. FWIW, I prefer value as saying
> key confuses some people into thinking this is a long term
> value.
> 
> - 5.2: 4419 has a reference to a Paul Van Oorschot paper
> that justifies the security here. Did we check there are no
> more recent results? (Esp ones that might invalidate the
> optimisation.) Could also be good to include whatever is
> today's best reference for this directly rather than just
> via 4419.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 
> 