IETF Logo Mail Archive

Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 03 April 2015 20:25 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 753201A0381 for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 13:25:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gh1ya7YFUA_Z for <tls@ietfa.amsl.com>; Fri, 3 Apr 2015 13:25:45 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 461821A01D6 for <tls@ietf.org>; Fri, 3 Apr 2015 13:25:45 -0700 (PDT)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 9AC65F984 for <tls@ietf.org>; Fri, 3 Apr 2015 16:25:42 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 17A9A201E4; Fri, 3 Apr 2015 15:25:40 -0500 (CDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: IETF TLS Working Group <tls@ietf.org>
In-Reply-To: <20150402020517.DBBDF1B25A@ld9781.wdf.sap.corp>
References: <20150402020517.DBBDF1B25A@ld9781.wdf.sap.corp>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Fri, 03 Apr 2015 16:25:40 -0400
Message-ID: <87zj6p9cxn.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/yUIn4RzDbveDT01TPfqlif-u7d0>
Subject: Re: [TLS] AD review of draft-ietf-tls-negotiated-ff-dhe-08
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 20:25:46 -0000

On Wed 2015-04-01 22:05:17 -0400, Martin Rex wrote:
> The problem with the quoted requirement in rfc4492 is (similar to several
> highly bogus and/or overbroad requirements in other TLS-related RFCs),
> that it does not distinguish PDU content from communication peer behaviour,
> and does not declare whether that requirement applies only to sender
> or also to recipient.

This suggestion seems to imply that we should be relaxing this
requirement (we've relaxed other overeager requirements in TLS that just
cause interop failure), which, iiuc, is what Stephen was proposing also.

> The result is, that there may easily exist server implementation of rfc4492
> which abort the TLS handshake when they receive a TLS ClientHello with
> the TLS ECC named_curve extension (and only ffdhe named curves in it)
> but no accompanying ECC cipher suites in the ClientHello cipher_suites_list,
> and that interoperability failure OUGHT to be avoided.  REALLY.

If you know of any server implementations that do this, please point me
(and/or the list) to them.

    --dkg

v2.23.0 | Report a Bug | By Email