Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security
Michał Staruch <msta@cinkciarz.pl> Mon, 12 October 2015 09:34 UTC
Return-Path: <msta@cinkciarz.pl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 134AE1A92E5 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 02:34:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.622
X-Spam-Level: *
X-Spam-Status: No, score=1.622 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zYCHz8HjgB-s for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 02:34:13 -0700 (PDT)
Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7CAB1A92E4 for <TLS@ietf.org>; Mon, 12 Oct 2015 02:34:12 -0700 (PDT)
Received: by lbbck17 with SMTP id ck17so16739538lbb.1 for <TLS@ietf.org>; Mon, 12 Oct 2015 02:34:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cinkciarz.pl; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=/OgOYuTrqJin5v3Le3i8/9+vLv9GsH/sKKzMdn8S8Z8=; b=Uk/VeEw25fve3DEnLhtcdt8MEh+5x8srucg7dJX6+/pgW00aHP/ueEwyS6xNsg/m+h cDpWSBu49w0S7GCdcBQgg5VVPCvtvJAuGzx4+XU7PmihjmM76WmVkr4FkfCDB/1h2Ahu K4Wy6VX4YyPNAPj7uGPcqL51ArjYTDMZSLrlI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=/OgOYuTrqJin5v3Le3i8/9+vLv9GsH/sKKzMdn8S8Z8=; b=Nfm5f5vqKiJi+BC5EsMzBVS86YjSV7p9CcFXM2Idew+u9ajcGZshRY/VU4fQZ6qVtK krE4Ibi7XAgxR91C43ihtWMZDoPybJQ/vEMEb1DhOeFQ6/kgQG9bXHO843Mvnm1IIiaN T5vdO3ZobbkG+fCYmjYeizbIz9jaC+2BO8j0Q8S/LLZVspGSM/TqnvNeTxX+tq70u1V9 1ABK1zdCvMvaYWUe9KJ8vwkTdafcPJTIAyQLSy7jlgiRGlG0Lhzb619Epc6djWEBwH3g GgY8LwRdH/xYW7mSFH1IXVV0c3fRM2zskeTXpnZgv7NfOloC3kbbULdFkXHigWsR+ub4 mCGQ==
X-Gm-Message-State: ALoCoQm64SKkGpzHMvWOvaWygFJQ/1PnyOoCxLvAmctIGWvrAfKrchnHOgMFTO9DbSXaYh5Ec8hy
MIME-Version: 1.0
X-Received: by 10.25.90.83 with SMTP id o80mr7634004lfb.47.1444642450639; Mon, 12 Oct 2015 02:34:10 -0700 (PDT)
Received: by 10.25.20.214 with HTTP; Mon, 12 Oct 2015 02:34:10 -0700 (PDT)
In-Reply-To: <D2414396.3D932%john.mattsson@ericsson.com>
References: <D2414396.3D932%john.mattsson@ericsson.com>
Date: Mon, 12 Oct 2015 11:34:10 +0200
Message-ID: <CAN1diftLbtGPQh6Bb4aVdjK-oc=OvP5snD9Tq-Gv1we9EzzOeg@mail.gmail.com>
From: Michał Staruch <msta@cinkciarz.pl>
To: John Mattsson <john.mattsson@ericsson.com>
Content-Type: multipart/related; boundary="001a1140042a1955260521e50860"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/vBipwQLhqWXa0QZysc97QO5AObo>
Cc: "TLS@ietf.org" <TLS@ietf.org>
Subject: Re: [TLS] TLS 1.3 Recommended ECC curve for 192-bit security
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 09:34:15 -0000
We already have "SHOULD support key exchange with X25519" in this section, so people implementing it should have no problems with adopting X448 <https://tools.ietf.org/html/draft-irtf-cfrg-curves-10#section-6.2> to achieve ~224 bit security where it's needed (and better performance than P-384). On Mon, Oct 12, 2015 at 11:01 AM, John Mattsson <john.mattsson@ericsson.com> wrote: > I think the selection of MTI Cipher Suites (Section 8.1 of > draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended ECC > curve for the “SHOULD” cipher suites. Little benefit of using AES-256 with > P-256 or curve25519. Shouldn’t there be a SHOULD implement ECC curve giving > at least 192-bit security? E.g. > > "These cipher suites SHOULD support both digital signatures and key > exchange with secp384r1 (NIST P-384)." > > Cheers, > John > > > [image: line] > > *JOHN MATTSSON* > > *MSc Engineering Physics, MSc Business Administration and Economics* > > *Ericsson IETF Security Coordinator* > * Senior Researcher, Security* > > > Ericsson AB > Ericsson Research > Färögatan 6 > SE-164 80 Stockholm, Sweden > Phone +46 10 71 43 501 > SMS/MMS +46 76 11 53 501 > john.mattsson@ericsson.com > > www.ericsson.com > > > > [image: http://www.ericsson.com/] <http://www.ericsson.com/> > > > > This Communication is Confidential. We only send and receive email on the > basis of the terms set out atwww.ericsson.com/email_disclaimer > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > -- Pozdrawiam | Best Regards Michał Staruch | Information Security Officer ul. Sienkiewicza 9, 65-001 Zielona Góra msta@cinkciarz.pl Find us on Bloomberg CKPL <GO> [image: Cinkciarz.pl Sp. z.o.o] <https://cinkciarz.pl> *Cinkciarz.pl Sp. z o.o.* *Siedziba:* ul. Sienkiewicza 9, 65-001 Zielona Góra *Biuro PL:* Al. Jerozolimskie 123A, 00-965 Warszawa *Biuro UK:* The Broadgate Tower, 20 Primrose Street, London EC2A 2EW *Biuro USA:* 401 North Michigan Avenue, Chicago, Illinois, 60611 *Sekretariat:* +48 726 666 655 | *Infolinia:* +48 68 410 99 50 biuro@cinkciarz.pl | https://cinkciarz.pl KRS 0000364722 | Kapitał zakładowy 23.263.500 zł REGON 080465538 | NIP 9291830388 Audited by: Grant Thornton [image: Oficjalny sponsor Reprezentacji Polski w piłce nożnej] Treść tej wiadomości zawiera informacje poufne, przeznaczone tylko dla adresata. Udostępnianie, ujawnianie, powielanie, rozpowszechnianie bądź powoływanie się na jakikolwiek jej fragment przez inne osoby jest zabronione. W razie przypadkowego otrzymania tej wiadomości prosimy o powiadomienie o tym nadawcy oraz trwałe jej usunięcie. Informacje zawarte w tej wiadomości mogą być objęte tajemnicą zawodową lub chronione innymi przepisami prawnymi. Nadawca nie bierze odpowiedzialności za jakiekolwiek szkody spowodowane wirusem komputerowym przetransmitowanym w tej wiadomości. Poglądy i opinie przedstawione w tej wiadomości są wyłącznie poglądami i opiniami jej autora i niekoniecznie reprezentują poglądy i opinie firmy. This is a confidential e-mail intended solely for the use of the entity or the individual to whom it is addressed. Unauthorized publication, use, dissemination or disclosure of this message, either in whole or in part is strictly prohibited. If you have received this message in error please send it back to the sender and delete it. It may also be privileged or otherwise protected by work product immunity or other legal rules. The company accepts no liability for any damage caused by any virus transmitted by this e-mail. Any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company.
- [TLS] TLS 1.3 Recommended ECC curve for 192-bit s… John Mattsson
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… Michał Staruch
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… John Mattsson
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… Sean Turner
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… Yoav Nir
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… John Mattsson
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… Quynh Dang
- Re: [TLS] TLS 1.3 Recommended ECC curve for 192-b… John Mattsson