Re: [TLS] Adoption call for Deprecating Obsolete Key Exchange Methods in TLS

[Peter Gutmann]

Viktor Dukhovni  writes:

>The only other alternative is to define brand new TLS 1.2 FFDHE cipher code
>points that use negotiated groups from the group list.  But it is far from
>clear that this is worth doing given that we now have ECDHE, X25519 and X448.

There's still an awful lot of SCADA gear that does FFDHE, and that's never
going to change from that.  The current draft as it stands is fine, in fact it
seems kinda redundant since all it's saying is "don't do things that you
should never have been doing in the first place", but I assume someone needs
to explicitly say that.  No need to go beyond that.

Peter.

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for Deprecating Obsolete Key Exchange Methods in TLS

[Viktor Dukhovni]

On Fri, Jul 30, 2021 at 10:34:55AM +1000, Martin Thomson wrote:

> On Fri, Jul 30, 2021, at 07:50, Joseph Salowey wrote:
> > This is a working group call for adoption of Deprecating Obsolete Key 
> > Exchange Methods in TLS  (draft-aviram-tls-deprecate-obsolete-kex-00 
> > ).
> >   There was support for adopting this draft at the IETF 111 meeting.  
> > Please review the draft and post your comments to the list by Friday, 
> > August 13, 2021.  
> 
> Yep, let's do it.  There were comments suggesting that this wasn't
> going to work for some deployments yet.  That's OK, that's how this
> works: we decide to deprecate, discuss and publish a document, then
> people get to work out how they change their deployments.  If we don't
> take that first step, then in many ways things don't get better.
> Adopting this is that first step and a good idea.

I support adoption of the draft and deprecation of RSA key exchange.

For FFDHE, I'd much rather see outright deprecation a la Chrome, than a
silent restriction by client (with no mechanism to negotiate otherwise0
to parameters that the server may not be prepared to support.

The only other alternative is to define brand new TLS 1.2 FFDHE cipher
code points that use negotiated groups from the group list.  But it is
far from clear that this is worth doing given that we now have ECDHE,
X25519 and X448.

There is far less risk of interoperability failure if the client or
drops support for FFDHE, rather than silently chooses to reject
previously working parameters.

-- 
Viktor.

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

[Martin Thomson]

I support the *contents* of this document.  The title, however, I can't agree 
to.  So I want to be clear about the scope of the work, namely deprecating 
semi-static FFDH and ECDH suites and any use of FFDHE ephemeral suites with 
reused keys.

The draft limits the ban on ephemeral key reuse to FFDHE, which is right; I 
could tolerate a prohibition on reuse for ECDH, but I know that we rely on that 
for HPKE and other things, so it can't really be bad enough to ban.

Cheers,
Martin

On Fri, Jul 30, 2021, at 07:50, Joseph Salowey wrote:
> This is a working group call for adoption for Deprecating FFDH(E) 
> Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00 
> ). 
> We had a presentation for this draft at the IETF 110 meeting and since 
> it is a similar topic to the key exchange deprecation draft the chairs 
> want to get a sense if the working group wants to adopt this draft 
> (perhaps the drafts could be merged if both move forward).  Please 
> review the draft and post your comments to the list by Friday, August 
> 13, 2021.  
> 
> Thanks,
> 
> The TLS chairs
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for Deprecating Obsolete Key Exchange Methods in TLS

[Martin Thomson]

On Fri, Jul 30, 2021, at 07:50, Joseph Salowey wrote:
> This is a working group call for adoption of Deprecating Obsolete Key 
> Exchange Methods in TLS  (draft-aviram-tls-deprecate-obsolete-kex-00 
> ). 
>  There was support for adopting this draft at the IETF 111 meeting.  Please 
> review the draft and post your comments to the list by Friday, August 13, 
> 2021.  

Yep, let's do it.  There were comments suggesting that this wasn't going to 
work for some deployments yet.  That's OK, that's how this works: we decide to 
deprecate, discuss and publish a document, then people get to work out how they 
change their deployments.  If we don't take that first step, then in many ways 
things don't get better.  Adopting this is that first step and a good idea.

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for "Secure Negotiation of Incompatible Protocols in TLS"

[Martin Thomson]

On Fri, Jul 30, 2021, at 04:20, Christopher Wood wrote:
> Based on positive feedback during this week's meeting, we'd like to 
> start an adoption call for "Secure Negotiation of Incompatible 
> Protocols in TLS." The document may be found here:
> 
>https://datatracker.ietf.org/doc/draft-thomson-tls-snip/

Yeah, I think we should do this.  Just in case there was any doubt.

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

[Salz, Rich]

  *   This is a working group call for adoption for Deprecating FFDH(E) 
Ciphersuites in TLS 
(draft-bartle-tls-deprecate-ffdhe-00).

I support this draft as well, and the idea of merging them sounds good right 
now.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for Deprecating Obsolete Key Exchange Methods in TLS

[Salz, Rich]

>This is a working group call for adoption of Deprecating Obsolete Key Exchange 
>Methods in TLS  
>(draft-aviram-tls-deprecate-obsolete-kex-00).
>  There was support for adopting this draft at the IETF 111 meeting.

I support adoption and will work to help make it better.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

[Joseph Salowey]

This is a working group call for adoption for Deprecating FFDH(E)
Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00
). We
had a presentation for this draft at the IETF 110 meeting and since it is
a similar topic to the key exchange deprecation draft the chairs want to
get a sense if the working group wants to adopt this draft (perhaps the
drafts could be merged if both move forward).  Please review the draft and
post your comments to the list by Friday, August 13, 2021.

Thanks,

The TLS chairs
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] Adoption call for Deprecating Obsolete Key Exchange Methods in TLS

[Joseph Salowey]

This is a working group call for adoption of Deprecating Obsolete Key
Exchange Methods in TLS  (draft-aviram-tls-deprecate-obsolete-kex-00
).
There was support for adopting this draft at the IETF 111 meeting.  Please
review the draft and post your comments to the list by Friday, August 13,
2021.

Thanks,

The TLS chairs
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for "Secure Negotiation of Incompatible Protocols in TLS"

[Salz, Rich]

>   Based on positive feedback during this week's meeting, we'd like to start 
> an adoption call for "Secure Negotiation of Incompatible Protocols in TLS." 
> The document may be found here:

I support this.  I will read and review, and perhaps make a PR that eventually 
adds this to OpenSSL.


___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for "Secure Negotiation of Incompatible Protocols in TLS"

[Eric Rescorla]

I support adoption

On Thu, Jul 29, 2021 at 12:00 PM Benjamin Beurdouche <
benjamin.beurdou...@inria.fr> wrote:

> I support adoption.
> B.
>
> > On Jul 29, 2021, at 10:22 PM, Christopher Wood 
> wrote:
> >
> > Based on positive feedback during this week's meeting, we'd like to
> start an adoption call for "Secure Negotiation of Incompatible Protocols in
> TLS." The document may be found here:
> >
> >   https://datatracker.ietf.org/doc/draft-thomson-tls-snip/
> >
> > And the source may be found here:
> >
> >   https://github.com/martinthomson/snip
> >
> > This call for adoption will conclude on August 13.
> >
> > Thanks,
> > Chris, for the chairs
> >
> > ___
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Adoption call for "Secure Negotiation of Incompatible Protocols in TLS"

[Benjamin Beurdouche]

I support adoption.
B.

> On Jul 29, 2021, at 10:22 PM, Christopher Wood  wrote:
> 
> Based on positive feedback during this week's meeting, we'd like to start an 
> adoption call for "Secure Negotiation of Incompatible Protocols in TLS." The 
> document may be found here:
> 
>   https://datatracker.ietf.org/doc/draft-thomson-tls-snip/
> 
> And the source may be found here:
> 
>   https://github.com/martinthomson/snip
> 
> This call for adoption will conclude on August 13.
> 
> Thanks, 
> Chris, for the chairs
> 
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] Adoption call for "Secure Negotiation of Incompatible Protocols in TLS"

[Christopher Wood]

Based on positive feedback during this week's meeting, we'd like to start an 
adoption call for "Secure Negotiation of Incompatible Protocols in TLS." The 
document may be found here:

   https://datatracker.ietf.org/doc/draft-thomson-tls-snip/

And the source may be found here:

   https://github.com/martinthomson/snip

This call for adoption will conclude on August 13.

Thanks, 
Chris, for the chairs

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls