[TLS] Deprecating Obsolete Key Exchange Methods in TLS

Nimrod Aviram <nimrod.aviram@gmail.com> Wed, 02 March 2022 17:11 UTC

From: Nimrod Aviram <nimrod.aviram@gmail.com>
Date: Wed, 02 Mar 2022 19:11:42 +0200
Message-ID: <CABiKAoRZZy2Bqgf_QJOQxiyREwLscOWJ9LeqgEvam7Lz+dqyCA@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Cc: Carrick Bartle <cbartle@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vW3vPoDV4MVHXgAUJfVQuZIGyxM>
Subject: [TLS] Deprecating Obsolete Key Exchange Methods in TLS

Hi Everyone,

Following the discussions around draft-bartle-tls-deprecate-ffdh and
draft-aviram-tls-deprecate-obsolete-kex, and after consulting the chairs,
we have merged the two drafts into draft-aviram-tls-deprecate-obsolete-kex
<https://datatracker.ietf.org/doc/draft-aviram-tls-deprecate-obsolete-kex/>.

The merged draft prescribes the following:
1. RSA key exchange is a MUST NOT.
2. Non-ephemeral finite-field DH is a MUST NOT.
3. Non-ephemeral ECDH is a SHOULD NOT.
4. Ephemeral finite-field DH (DHE) is a MAY, only when fully ephemeral, and
only using a well-known group of size at least 2048 bits.

We added greater justification for point 3
<https://www.ietf.org/archive/id/draft-aviram-tls-deprecate-obsolete-kex-01.html#name-security-considerations-2>
above to address concerns previously raised on the list.

We'd love to hear your thoughts.

best wishes,
Carrick and Nimrod
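
The four points in the message above can be applied to a server's cipher-suite list as an audit check. The following is an added example, not code from the draft or its authors: `classify` and `audit` are hypothetical names, the suite list is constructed, and reading "well-known group" as the RFC 7919 named groups is an assumption the message itself does not state.

```python
import re

# Assumption: "well-known group" is read as the RFC 7919 named groups (name -> bits).
WELL_KNOWN_GROUPS = {"ffdhe2048": 2048, "ffdhe3072": 3072, "ffdhe4096": 4096,
                     "ffdhe6144": 6144, "ffdhe8192": 8192}

# Key-exchange part of an IANA suite name -> (requirement level, point number in the message)
RULES = {
    "RSA": ("MUST NOT", 1),
    "DH_RSA": ("MUST NOT", 2), "DH_DSS": ("MUST NOT", 2),
    "ECDH_RSA": ("SHOULD NOT", 3), "ECDH_ECDSA": ("SHOULD NOT", 3),
    "DHE_RSA": ("MAY", 4), "DHE_DSS": ("MAY", 4),
}

def classify(suite, dhe_group=None, dhe_key_reused=False):
    """Return (level, point) for one suite; point is None if the four points do not cover it."""
    m = re.match(r"TLS_(.+?)_WITH_", suite)
    kex = m.group(1) if m else None
    if kex not in RULES:
        return ("NOT ADDRESSED", None)  # e.g. ECDHE, PSK variants, TLS 1.3 suites
    level, point = RULES[kex]
    if point == 4:
        # Point 4 allows DHE only when fully ephemeral and on a well-known group >= 2048 bits.
        bits = WELL_KNOWN_GROUPS.get(dhe_group, 0)
        if dhe_key_reused or bits < 2048:
            return ("MAY CONDITIONS UNMET", 4)
    return (level, point)

def audit(suites, dhe_group=None, dhe_key_reused=False):
    """Return the suites to drop or review, keyed by suite name."""
    findings = {}
    for s in suites:
        level, point = classify(s, dhe_group, dhe_key_reused)
        if level != "MAY" and point is not None:
            findings[s] = (level, point)
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for name, (level, point) in audit(SAMPLE, dhe_group="custom-1024").items():
        print(f"{name}: {level} (point {point})")
```

Whether a DHE key is reused cannot be read from the suite name, so `dhe_key_reused` has to come from the server's configuration or from observing its handshakes.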