Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 June 2015 21:02 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Tony Arcieri <bascule@gmail.com>, Dave Garrett <davemgarrett@gmail.com>
In-Reply-To: <CAHOTMV+PUtkkC3Hy5BRQ+of+13F+2Jp+kSpqhFcm9Av984hLnA@mail.gmail.com>
References: <20150601225057.17500.96911.idtracker@ietfa.amsl.com> <201506031323.37163.davemgarrett@gmail.com> <877frk7keg.fsf@alice.fifthhorseman.net> <201506031613.13571.davemgarrett@gmail.com> <CAHOTMV+PUtkkC3Hy5BRQ+of+13F+2Jp+kSpqhFcm9Av984hLnA@mail.gmail.com>
User-Agent: Notmuch/0.20.1 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 03 Jun 2015 17:02:10 -0400
Message-ID: <87fv685wvh.fsf@alice.fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/yIJGuYy-AV5bjuIzlxMjFlCRy6k>
Cc: "<tls@ietf.org>" <tls@ietf.org>, Geoffrey Keating <geoffk@geoffk.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt

On Wed 2015-06-03 16:50:59 -0400, Tony Arcieri wrote:
> That said, I think everyone is convincing me FFDHE *might* be a good idea.
> Particularly persuasive is Ilari's argument that with some tiny changes,
> ECDHE and FFDHE can be unified.

I think this is the biggest reason as well.  Dropping FFDHE with the
idea that we would fall back to RSA for key exchange would mean breaking
with our goal of moving to all PFS handshakes for TLS 1.3 (modulo PSK,
resumption, etc).

Keeping FFDHE allows us an ECC fallback (should we need it) while
keeping an otherwise unified framework for the newer version of the
protocol.  It also means that existing clients and servers that do FFDHE
properly (not older Java, as you note) can continue to work without
requiring cutover immediately.

        --dkg