Re: [TLS] draft-ietf-tls-rfc4346-04 available

At Tue, 24 Jul 2007 17:25:00 +0200,
Yngve Nysaeter Pettersen wrote:
> 
> On Sun, 08 Jul 2007 16:50:51 +0200, Eric Rescorla  
> <ekr at networkresonance.com> wrote:
> 
> > I just submitted draft-ietf-tls-rfc4346-04.
> >
> > Until it's in the repository, you can find it at:
> > https://svn.resiprocate.org/rep/ietf-drafts/ekr/tls/tls.txt
> >
> > The changes are:
> >
> >      - Added some guidance about checking DH groups and exponents.
> >      [Issues 15 and 43]
> 
> I think this:
> 
>   "The client SHOULD also verify that the DH public exponent appears to be  
> of adequate size."
> 
> ought to be worded stronger, perhaps something like
> 
>   "The client SHOULD also verify that the DH public exponent is of  
> equivalent cryptographic strength as the key used to sign the public key."

I actually do not agree with this position. There are valid reasons
to use long signing keys and shorter key establishment keys.

-Ekr

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls



