Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt

Tony Arcieri <> Wed, 03 June 2015 08:28 UTC


On Wed, Jun 3, 2015 at 1:22 AM, Tony Arcieri <> wrote:

> On Wed, Jun 3, 2015 at 1:07 AM, Peter Gutmann <>
> wrote:
>> You've got that exactly reversed, it's not "DHE is breaking Java
>> handshakes", it's "(Sun/Oracle's) Java is breaking DHE handshakes".
>
> Here in the real world things are written in Java and we have to deal with
> that. Idealistically I'd wave a magic wand and all of the legacy cruft
> would go away. Unfortunately I don't have that magic wand. I have to keep
> the real-world systems talking to each other.
>
> I want real-world solutions to real-world problems, not idealistic
> zealotry.

Worse, I didn't bring up Java. Java was specifically cited in argument of
this draft:

On Tue, Jun 2, 2015 at 5:54 AM, Hubert Kario <> wrote:

> as it was pointed out many times

^^^ perhaps this was the line that set me off, but this is painfully
antagonistic to me especially given what I've been dealing with recently.
Saying things like this is tantamount to a personal attack and if you have
a technical argument to make this is possibly the worst way you can prefix
it. Dear Hubert, don't frame your argument this way, it just makes me
dislike you.

> adding support for ECC is complex (both because of complexity of ECC and
> because it's a completely new set of algorithms)

Many JCE providers already support ECC including BouncyCastle and the
default JCE providers in Java 7 and 8 so this statement is just wrong.
Modern Java implementations just won't negotiate DHE unless the server
can't speak ECDHE.

> This allows us to move away from defaulting to 1024bit or 2048bit on server
> side in fear of breaking, for example, Java based clients

Please show me an HTTPS server I can point my DHE-enabled Java 6 and 7
clients at and have them successfully negotiate a TLS session. I dare you.

Tony Arcieri