[TLS] security levels for TLS

"Nikos Mavrogiannopoulos" <nmav@gnutls.org> Mon, 08 October 2007 13:22 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IesYq-0007Jv-9V; Mon, 08 Oct 2007 09:22:16 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IesYo-0007JV-VC for tls@lists.ietf.org; Mon, 08 Oct 2007 09:22:14 -0400
Received: from ug-out-1314.google.com ([66.249.92.174]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IesYi-0006qX-PD for tls@lists.ietf.org; Mon, 08 Oct 2007 09:22:14 -0400
Received: by ug-out-1314.google.com with SMTP id z38so763992ugc for <tls@lists.ietf.org>; Mon, 08 Oct 2007 06:21:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; bh=Rpyizvm/Foy5xO0Qjy0yCvmKFtR4hvPvst8/b3kgLO8=; b=Egr+c3kE5e+l2k3bdX8UXXChx0hUEVJ2uWFNLzUQOHNpEUVCiuXagFKkFgxzWlzfkeo4/SfxET6pmvaILywQx2xNuaNrHb0SBW3/8m9ls1E62jbUK5J+3D6Nq2scQ9p17YMbtB0IXmObSZOw7HQ0uO94zyfFfudL5n/Bitmuzp4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=RERE1vvAGytYCHl0HhIwX146TCmi+Koj0bCquqvXFlHy3LxmyjKPrn/TzRD5PNdX3xqe8ckeG9vBIJJuDkoROAVMtI74csmBs7faF0CbJ2KnpuxEdU9WDGF1BR0eOLTmbfXxL/h15/F8pFHQtlijvaxw9CHzCWmbz8hwdyQd934=
Received: by 10.78.130.6 with SMTP id c6mr3957160hud.1191849702490; Mon, 08 Oct 2007 06:21:42 -0700 (PDT)
Received: by 10.78.146.7 with HTTP; Mon, 8 Oct 2007 06:21:42 -0700 (PDT)
Message-ID: <c331d99a0710080621g7c0ec91et35c46553c23f4402@mail.gmail.com>
Date: Mon, 08 Oct 2007 16:21:42 +0300
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: tls@lists.ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Google-Sender-Auth: 714f163f11231dcd
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464
Subject: [TLS] security levels for TLS
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Hello,
 It seems that in TLS the security level of a connection relies on
several factors including the ciphersuite. In certificate
authentication the certificate plays also a large factor in the
security, and especially the public key of it, plus the signer's
public key.

This is not visible and neither understandable in everyday work with
TLS by typical users. For example a browser connection to a site with
a 512 bit RSA key that negotiated an 128 bit ciphersuite will not
differ to a connection with a 2048 bit RSA key and the same
ciphersuite, with regard to visible user data. This makes difficult
for users to judge the security level of the connection and one must
never assume that a user would understand what a 512 bit RSA key
means.

For this reason I think using some form of uniform security levels to
indicated TLS security would be useful in end-applications. Those
levels could be defined in steps (as in [0]), based on objective
information of the key sizes in the certificates, the DHE prime and
generator sizes (if applicable), the MAC output size of the
ciphersuite as well as the key size of the cipher.

Then the security level could be printed either as a number (70 bits
of security) or as "weak, low, medium, high" based on some definitions
of these terms... I could make it more detailed if there is some
interest. What do you think?

regards,
Nikos

[0]. "Practical Cryptography", Fergunson, Schneier

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls