IETF Logo Mail Archive

Re: [TLS] consensus call: deprecate all FFDHE cipher suites

Nimrod Aviram <nimrod.aviram@gmail.com> Fri, 10 March 2023 14:05 UTC

Return-Path: <nimrod.aviram@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B0FEC17B32F for <tls@ietfa.amsl.com>; Fri, 10 Mar 2023 06:05:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id saRCjH5lfFeN for <tls@ietfa.amsl.com>; Fri, 10 Mar 2023 06:05:25 -0800 (PST)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C261C151535 for <tls@ietf.org>; Fri, 10 Mar 2023 06:05:25 -0800 (PST)
Received: by mail-ed1-x52c.google.com with SMTP id k10so20762393edk.13 for <tls@ietf.org>; Fri, 10 Mar 2023 06:05:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1678457123; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xUChYq3IPdWIrmIxYbSo9uAZ7qfLsIPADci/55vA9sQ=; b=ZVgLqsXG/+wJt+Hfpc+zkdYyh6mhgWhFaxNmq9lWAXfTBmdTTJcyvOFZ9ZFqxYfpSH pBKVZpS2csrgWfjqAvpo21s2pGi/wUWFLbpGWLsjt+gp3HVRiWgL0T2FZdb8hZ1wm8ru JHsQKnVvYaoCO0h2Qt1NuHcBvpMpFTToJ4Puyc/F6fS686JP/evy8fi79GBejD+woay4 W1ucgTOGcmc4N4CbFkkVsVhUH7675qFPopIxKgqL3NOEOTw5MkwuaOe2ZymV+CARzJAY +XtOC9h+P+N0ci8h0eUa1cD3LtxMNzdOqu1Hmmm6Zhr989tC/p1bO+yHr7GrWQq5B4uR uoxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678457123; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xUChYq3IPdWIrmIxYbSo9uAZ7qfLsIPADci/55vA9sQ=; b=UI3+HpLdAg3gQvgaHfq/OWl06iNTVnN82C9I8kRHShp5cRIVeawHlv6a/3JtxeBpSZ aUsasaERiAfYS+2WMO5YqCZO9PJKDNFYJe4VbJCESBkxPJZofYltY83bjoJotF0o7aVt JRt3c9Ou0rsRVXGOC/nnFfB1wtA2sPmHZNGY5HTF2TOJ/Lx/TVwo4OyL8EeH+EivcG5k Jv/bGNI5zoqjM03xjKZBpE8a394IAjscfujsxFC9vLnl8eXnUXu8qpevPvUh143IzDfa 2Ou89ogYnOwrrLZlv9FT4odJiARjf+JO8gVQ4PozKUkX8Y8YIrKJdXuUjzFi6tlU2GHx ze7Q==
X-Gm-Message-State: AO0yUKWDt+/jqlT4C19rIC01CKzzhmrjbKXwYa0OpvYONAbEXPjKhY8W cqIsbvY+Du9FkcdAlBbqeWPwPfYhDsBHELp0CWY=
X-Google-Smtp-Source: AK7set8FLgumm53EoD+FviUn3LcoFES5mml1fU7OE0Erz02cHFBV3KO1QwVxyWYg7RmPXbue6gcmwGztTKtgk4yxC4c=
X-Received: by 2002:a50:baa7:0:b0:4ac:b832:856c with SMTP id x36-20020a50baa7000000b004acb832856cmr14387137ede.1.1678457123154; Fri, 10 Mar 2023 06:05:23 -0800 (PST)
MIME-Version: 1.0
References: <AAEB9108-0EFA-4F77-81FB-8767927428E9@sn3rd.com> <23F0D72A-AE59-4854-81B8-931884B7EAB9@heapingbits.net>
In-Reply-To: <23F0D72A-AE59-4854-81B8-931884B7EAB9@heapingbits.net>
From: Nimrod Aviram <nimrod.aviram@gmail.com>
Date: Fri, 10 Mar 2023 16:05:11 +0200
Message-ID: <CABiKAoSM0m+M-s4_Q2s1jog8GfCBWA4QDDyDa-uWQ7jBsq_XQA@mail.gmail.com>
To: Christopher Wood <caw@heapingbits.net>
Cc: Sean Turner <sean@sn3rd.com>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000098abf205f68c40ff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vsM5hxDFSVLgCId_YICZKOeFQB4>
Subject: Re: [TLS] consensus call: deprecate all FFDHE cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2023 14:05:29 -0000

> Authors, can you please update the document (and fix the clarification
that Ekr recently raised) at your convenience?
Sure, I'll start working on it.

best,
Nimrod


On Fri, 10 Mar 2023 at 03:35, Christopher Wood <caw@heapingbits.net> wrote:

> First, let us apologize for taking so long to conclude this consensus
> call. We should have closed this much sooner.
>
> After reviewing the responses on the mailing list, and taking into
> consideration discussions that took place during meetings, it is our
> assessment that there is rough consensus to deprecate FFDHE in TLS 1.2,
> i.e., all TLS_DHE_* ciphersuites.
>
> Authors, can you please update the document (and fix the clarification
> that Ekr recently raised) at your convenience?
>
> Best,
> Chris, Joe, Sean
>
> > On Dec 13, 2022, at 9:46 AM, Sean Turner <sean@sn3rd.com> wrote:
> >
> > During the tls@IETF 115 session topic covering
> draft-ietd-tls-deprecate-obsolete-kex, the sense of the room was that there
> was support to deprecate all FFDHE cipher suites including well-known
> groups. This message starts the process to judge whether there is consensus
> to deprecate all FFDHE cipher suites including those well-known groups.
> Please indicate whether you do or do not support deprecation of FFDHE
> cipher suites by 2359UTC on 6 January 2023. If do not support deprecation,
> please indicate why.
> >
> > NOTE: We had an earlier consensus call on this topic when adopting
> draft-ietd-tls-deprecate-obsolete-kex, but the results were inconclusive.
> If necessary, we will start consensus calls on other issues in separate
> threads.
> >
> > Cheers,
> > Chris, Joe, and Sean
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email