Re: [perpass] TLS/SSL Perfect Forward Secrecy and Key Rotation

Patrick Pelletier <code@funwithsoftware.org> Fri, 06 September 2013 00:54 UTC

On Sep 2, 2013, at 11:41 PM, Patrick Pelletier wrote:

> But besides a TLS extension, I think what you suggest is good, some  
> sort of informational RFC that would recommend "best practices" for  
> PFS, e.g. something along the lines of "put ECDHE cipher suites
> first (for performance and so Java won't choke on DHE), make sure  
> you support at least secp256r1 and secp384r1, put DHE cipher suites  
> second, use a prime size of 2176 bits (largest multiple of 64 less  
> than 2236)" or whatever.

Well, in light of Bruce Schneier's recommendations today, maybe DHE  
should be prioritized over ECDHE:

http://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929

Although there is still the issue that DHE is slower than ECDHE.  Is  
Curve25519 the answer?

--Patrick