Re: [TLS] Security today

To: "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] Security today
From: Mike <mike-list at pobox.com>
Date: Fri, 28 Mar 2008 21:14:30 -0700
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20080329010805.259641CB236 at kilo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <47EC2A75.2050303 at pobox.com> <0685A6ED2CB5D245B49DD0B07C3636CC2A8D543BC7 at NA-EXMSG-C104.redmond.corp.microsoft.com> <47EC57A2.4030109 at pobox.com> <47ED2BAB.2070508 at canola-jones.com> <47ED520E.80309 at pobox.com> <20080329010805.259641CB236 at kilo.rtfm.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 2.0.0.12 (Windows/20080213)

>> I think that it's become necessary for the TLS WG to put
>> together a document with hard numbers in it for key lengths,
>> relative strengths, expected lifetime for data protected by
>> those keys/lengths/algorithms.
> 
> RFC 3766.

Thanks for the pointer to that document; I hadn't seen it before.
However, the document I think we need would merely use that RFC
as a (important) reference.  In particular it doesn't mention
TLS at all or its key exchange mechanisms.  It also seems to be
written for cryptographers, not your average programmer.

The things that I think need to be spelled out are things like
forward secrecy.  For example, the RSA key for an RSA_* cipher
suite needs to be much stronger than the RSA key for DHE_RSA_*
since breaking the latter doesn't reveal anything about any
past sessions, while breaking the former reveals everything
about every past session.

Also after breaking the key, you can passively listen in on any
future sessions based on RSA_* without much risk of detection,
but to get anything out of future DHE_RSA_* sessions, you need
to actively insert yourself in the middle.

Mike
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Security today
  - From: Eric Rescorla

References:
- [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Michael Howard
- Re: [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Rodney Thayer
- Re: [TLS] Security today
  - From: Mike
- Re: [TLS] Security today
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Security today
Next by Date: Re: [TLS] Security today
Previous by thread: Re: [TLS] Security today
Next by thread: Re: [TLS] Security today
Index(es):
- Date
- Thread

Re: [TLS] Security today

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.