Re: [TLS] Last Call: draft-rescorla-tls-suiteb (Suite B Cipher Suites for TLS) to Informational RFC

[Russ Housley <housley at vigilsec.com>]

Brian:

I'll post an update in a few minutes that includes more information 
on certification paths.

I am confused by your last paragraph.  ECDH_ECDSA is not discussed in 
this draft.  Only, ECDHE_ECDSA is used in this draft.

Russ

At 08:00 AM 10/2/2008, Brian Minard wrote:
> Here are a couple of clarifications we'd like to see in the draft.
>
> From section 4:
>    Server and client certificates used to establish a Suite B-compliant
>    connection MUST be signed with ECDSA.  For certificates used at the
>    128-bit security level, the subject public key MUST use the P-256
>    curve, and the digital signature MUST be calculated using the P-256
>    curve and the SHA-256 hash algorithm.  For certificates used at the
>    192-bit security level, the subject public key MUST use the P-384
>    curve, and the digital signature MUST be calculated using the P-384
>    curve and the SHA-384 hash algorithm.
>
> Does this only apply to the client/server certificates or every
> certificate in the client/server chain?
>
> Can some guidance be added on certificate key usages and TLS 1.2 for
> Suite B
> (http://www.nsa.gov/ia/industry/Suite_B_Certificate_and_CRL_Profile_200
> 80528.pdf)?
> This document clearly requires two different certificates and
> references NIST SP 800-56A (section 5.6.4.2) as the reason for this.
>
> I am wondering if you can confirm that the comment requiring two server
> certificates is directed at servers supporting both ECDH_ECDSA and
> ECDHE_ECDSA key exchange methods (i.e., completely different cipher
> suites). For example, if I deploy a server supporting only one of these
> key exchange methods, that server would only need one certificate.
>
> -----Original Message-----
> From: ietf-announce-bounces at ietf.org [mailto:ietf-announce-
> bounces at ietf.org] On Behalf Of The IESG
> Sent: Thursday, September 25, 2008 11:30 AM
> To: IETF-Announce
> Subject: Last Call: draft-rescorla-tls-suiteb (Suite B Cipher Suites
> for TLS) to Informational RFC
> >
> The IESG has received a request from an individual submitter to
> consider
> the following document:
> >
> - 'Suite B Cipher Suites for TLS '
>    <draft-rescorla-tls-suiteb-06.txtas an Informational RFC
> >
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send substantive comments to
> the
> ietf at ietf.org mailing lists by 2008-10-23. Exceptionally,
> comments may be sent to iesg at ietf.org instead. In either case, please
> retain the beginning of the Subject line to allow automated sorting.
> >
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-rescorla-tls-suiteb-06.txt
> >
> >
> IESG discussion can be tracked via
> >
> https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag
> =15530&rfc_flag=0
> >
> _______________________________________________
> IETF-Announce mailing list
> IETF-Announce at ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-announce

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls