Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <> Mon, 12 October 2020 23:50 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <>
To: Peter Gutmann <>
CC: TLS List <>
Date: Mon, 12 Oct 2020 23:50:07 +0000

In some cases, toy key sizes are necessary.

E.g., classes where your students break encryption because the keys are weak or small.


> On Oct 12, 2020, at 19:42, Peter Gutmann <> wrote:
> Ilari Liusvaara <> writes:
>> The Diffie-Hellman support in TLS 1.2 is severely broken. There is no way to
>> use it safely on the client side. This has led to e.g., all the web browsers
>> removing support for it.
> It's actually pretty simple, don't use toy key sizes.  Many implementations
> were never vulnerable to Logjam et al because they applied the simple measure
> of... not using toy key sizes.
>> There is no way to ensure that the parameters sent are not totally broken,
>> e.g.:
> This requires that the server that you're connecting to is malicious.  If
> you're connecting to a malicious server then you've got bigger things to worry
> about than what they set g to.
>> This has led to e.g., all the web browsers removing support for it.
> Because throwing out the baby with the bathwater and jumping on the next shiny
> thing that comes along every time someone points out a problem seems to be a
> requirement for crypto protocol implementers.
> Peter.
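The two failure modes argued over above (toy-sized primes of the Logjam kind, and server-chosen p, g, Ys that are structurally broken) are exactly what a TLS 1.2 client can check before it uses a ServerKeyExchange. The validator below is an added example written for this thread, not code from any TLS implementation or from the participants. It assumes a 2048-bit floor as client policy (the `MIN_DHE_PRIME_BITS` name and value are assumptions, not from the thread), requires a safe prime so that subgroup membership can be verified with one exponentiation, and uses a constructed toy group (p = 23, g = 2) only to exercise the rejection paths:

```python
"""Client-side validation of server-supplied TLS 1.2 DHE parameters.

Added example, not from the thread or any TLS library. A TLS 1.2 client
receives (p, g, Ys) in ServerKeyExchange and has to decide whether to
trust them; these checks reject toy-sized primes and parameters whose
structure the client cannot verify.
"""
import random

# Assumed client policy: refuse any group whose prime is shorter than this.
MIN_DHE_PRIME_BITS = 2048


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    small_primes = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for sp in small_primes:
        if n % sp == 0:
            return n == sp
    # write n - 1 as d * 2^r with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0xC0FFEE)  # fixed seed keeps the check reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def validate_dhe_params(p: int, g: int, ys: int,
                        min_bits: int = MIN_DHE_PRIME_BITS) -> tuple:
    """Return (accepted, reason) for a ServerKeyExchange (p, g, Ys) triple.

    Every rejection is a reason for the client to abort the handshake
    instead of continuing with whatever the server sent.
    """
    if p.bit_length() < min_bits:
        return False, f"prime too small: {p.bit_length()} bits < {min_bits}"
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "p is not prime"
    # Insist on a safe prime p = 2q + 1 so the group structure is known:
    # element orders are only 1, 2, q or 2q, and membership in the
    # order-q subgroup is a single exponentiation.
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "p is not a safe prime"
    if not 2 <= g <= p - 2:
        return False, "generator out of range"
    if pow(g, q, p) != 1:
        return False, "generator is not in the prime-order subgroup"
    if not 2 <= ys <= p - 2:
        return False, "server public value out of range"
    if pow(ys, q, p) != 1:
        return False, "server public value is not in the prime-order subgroup"
    return True, "ok"


if __name__ == "__main__":
    # Constructed toy group for illustration only: p = 23 = 2*11 + 1, g = 2.
    # Under the default floor it is rejected for size alone; lowering the
    # floor lets the structural checks run on the server value Ys.
    for ys in (8, 5, 22):
        print(ys, validate_dhe_params(23, 2, ys, min_bits=5))
    print(validate_dhe_params(23, 2, 8))
```

Running two primality tests on a 2048-bit p for every handshake is the cost of accepting arbitrary server groups; the cheaper alternative, and the one TLS 1.3 took, is to accept only named groups (RFC 7919 ffdhe*), where p and g are known in advance and only the range and subgroup checks on Ys remain.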