Re: [TLS] Do we need DH?

Tapio Sokura <tapio.sokura@iki.fi> Tue, 30 December 2014 07:23 UTC

Message-ID: <54A252EA.1010905@iki.fi>
Date: Tue, 30 Dec 2014 09:23:22 +0200
From: Tapio Sokura <tapio.sokura@iki.fi>
To: tls@ietf.org
References: <CACsn0cmD=YA4i889f--e_b-OahUVoYdKyQUaiUN--QKOmqn8uA@mail.gmail.com>
In-Reply-To: <CACsn0cmD=YA4i889f--e_b-OahUVoYdKyQUaiUN--QKOmqn8uA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/xddVYti7g_bGqjLgWsJieqkNwpE
Subject: Re: [TLS] Do we need DH?

On 29.12.2014 0:38, Watson Ladd wrote:
> Given the low usage of the DH handshake, and potential vulnerabilities
> (not potential, but certainly not as well understood) should we keep
> it in TLS 1.3?

I'm a bit wary of putting all eggs in the same basket (here ECDH). Why
not allow the pre-parametrised form of DH described in
draft-ietf-tls-negotiated-ff-dhe in TLS 1.3 and drop the current way of
the server sending the explicit group parameters?

With regards to all eggs being in the same basket, AES is also something
that really should have a realistic alternative standardized and
deployed _before_ (/if) AES is broken. Like SHA-3 is coming around the
corner while SHA-2 is still well alive and kicking.

  Tapio
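As an added illustration of the difference the post points at (constructed example code, not from the thread, the draft or any TLS stack): the checks a client has to perform on explicit, server-sent DH parameters next to the table lookup that a negotiated named group reduces them to. The group codepoint, the tiny safe prime and the rejection policy are placeholders, not the draft's values.

```python
import secrets
# Constructed placeholder table, not the draft's values: p=23 with generator 4 of prime order 11.
NAMED_GROUPS = {0x0100: (23, 4)}

def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def validate_explicit_dh(p, g, ys, min_bits=2048):
    """Reasons to reject server-sent (p, g, Ys); empty means accept. Constructed policy:
    safe prime of adequate size, g and Ys inside the prime-order subgroup."""
    reasons = []
    if p.bit_length() < min_bits:
        reasons.append("p too small")
    if p % 2 == 0 or not is_probable_prime(p):
        return reasons + ["p not prime"]
    q = (p - 1) // 2
    if not is_probable_prime(q):
        reasons.append("p is not a safe prime")
    if not 2 <= g <= p - 2 or pow(g, q, p) != 1:
        reasons.append("g does not generate the prime-order subgroup")
    if not 2 <= ys <= p - 2 or pow(ys, q, p) != 1:
        reasons.append("Ys not in the prime-order subgroup")
    return reasons

def validate_named_group(code, ys):
    # With a negotiated group the client trusts the fixed table; only Ys needs checking.
    if code not in NAMED_GROUPS:
        return ["unknown group"]
    p = NAMED_GROUPS[code][0]
    if not 2 <= ys <= p - 2 or pow(ys, (p - 1) // 2, p) != 1:
        return ["Ys invalid for group"]
    return []
```

The small-subgroup and non-safe-prime rejections are the part an implementation of explicit parameters gets wrong most easily, and exactly the part a fixed group table makes unnecessary.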