Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-12-07 Thread Ilari Liusvaara
On Wed, Dec 07, 2016 at 07:18:56AM +0900, Martin Thomson wrote: > On 7 December 2016 at 03:24, Sean Turner wrote: > > Just a reminder that this WGLC will close on Friday December 9th. > > A timely reminder :) > > I reviewed the document and it looks pretty good. I'd have sent a

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-12-06 Thread Sean Turner
Just a reminder that this WGLC will close on Friday December 9th. spt > On Nov 18, 2016, at 18:55, Sean Turner wrote: > > All, > > This is a working group last call for the “4492bis to Standards Track" draft > available @

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-23 Thread Sean Turner
>> - Section 1 >> "This is illustrated in the following table, based on [Lenstra_Verheul], >> which gives approximate comparable key sizes for symmetric- and >> asymmetric-key cryptosystems based on the best-known algorithms for >> attacking them." >> >> The key sizes for DH/DSA/RSA do not

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-23 Thread Yaron Sheffer
I’m not even sure what my position is on this. Specifying the use of a context here goes against the recommendation in the CFRG draft: Contexts SHOULD NOT be used opportunistically, as that kind of use is very error-prone. If contexts are used, one SHOULD require all

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-23 Thread Ilari Liusvaara
On Wed, Nov 23, 2016 at 03:39:38PM +0200, Yoav Nir wrote: > > > On 23 Nov 2016, at 12:22, John Mattsson wrote: > > > > On 2016-11-21, 06:31, "TLS on behalf of Yaron Sheffer" > > on behalf of > >

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-23 Thread Yoav Nir
> On 23 Nov 2016, at 12:22, John Mattsson wrote: > > On 2016-11-21, 06:31, "TLS on behalf of Yaron Sheffer" > on behalf of > yaronf.i...@gmail.com > wrote: > >> So the key schedule

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-23 Thread Yoav Nir
Hi, John Thanks for the review. See my responses below: > On 23 Nov 2016, at 12:15, John Mattsson wrote: > > I have not read the processing parts in detail. Here are comments on the > first and last sections of the document. > > Cheers, > John > > - Somewhere > I

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-23 Thread John Mattsson
On 2016-11-21, 06:31, "TLS on behalf of Yaron Sheffer" wrote: >So the key schedule changed and therefore we think cross-version attacks >are impossible. Have we also analyzed other protocols to ensure that >cross protocol attacks, e.g.

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-20 Thread Yaron Sheffer
So the key schedule changed and therefore we think cross-version attacks are impossible. Have we also analyzed other protocols to ensure that cross protocol attacks, e.g. with SSH or IPsec, are out of the question? Put differently, algorithm designers gave us a cheap, easy to use tool to

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-20 Thread Salz, Rich
> For those who missed CURDLE, could you please briefly explain why we don't > need signature context in non-TLS areas. The one place we were concerned about attacks was in pre-hash signatures, and we made those a MUST NOT. And yes, you're right, it's not relevant to TLS. > So why are we now

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-20 Thread Yaron Sheffer
] Sent: Friday, November 18, 2016 6:56 PM To: <tls@ietf.org> Subject: [TLS] WGLC for draft-ietf-tls-rfc4492bis All, This is a working group last call for the “4492bis to Standards Track" draft available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please review the docume

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-19 Thread Salz, Rich
> To: <tls@ietf.org> > Subject: [TLS] WGLC for draft-ietf-tls-rfc4492bis > > All, > > This is a working group last call for the “4492bis to Standards Track" draft > available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. > Please > review the d

Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-19 Thread Yaron Sheffer
I have not read the document in full (but still noticed a typo in the paragraph we're discussing), so I will not comment on its readiness. Regarding signature context: I don't understand the CFRG recommendation that Yoav is citing. IMO we should include a context string wherever we can, to

[TLS] WGLC for draft-ietf-tls-rfc4492bis

2016-11-18 Thread Sean Turner
All, This is a working group last call for the “4492bis to Standards Track" draft available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/. Please review the document and send your comments to the list by 9 December 2016. Note that we are particularly interested in the issue