On Monday, 3 September 2018 13:58:17 CEST Bruckert, Leonie wrote:
> See my response inline.
>
> -----Original Message-----
> From: Hubert Kario [mailto:hka...@redhat.com]
> Sent: Monday, 3 September 2018 13:19
> To: tls@ietf.org
> Cc: Bruckert, Leonie
> Subject: Re: [TLS] WG: New Version Notification for
> draft-bruckert-brainpool-for-tls13-00.txt
>
> *** gpg4o | The e-mail was signed by an unknown key: 92A8D1B801D2F5F5 ***
>
> On Sunday, 2 September 2018 15:30:45 CEST Bruckert, Leonie wrote:
> > Htmlized:
> > https://tools.ietf.org/html/draft-bruckert-brainpool-for-tls13-00
> >
> > Abstract:
> >
> > This document specifies the use of several ECC Brainpool curves for
> > authentication and key exchange in the Transport Layer Security (TLS)
> > protocol version 1.3.
>
> So I understand why you need SignatureScheme registrations, but I'm
> completely missing the need for NamedGroup registrations – are the 26, 27
> and 28 tainted somehow?
>
> Yes! In section B.3.1.4
> (https://tools.ietf.org/html/rfc8446#appendix-B.3.1.4) these numbers are
> deprecated.
>
> For a previous discussion on the tls mailing list see
> https://www.ietf.org/mail-archive/web/tls/current/msg26646.html

yes, I remember this thread, but I still don't see why those values can't be
made acceptable for TLS 1.3.

see those messages from that very thread:
https://www.ietf.org/mail-archive/web/tls/current/msg26667.html
https://www.ietf.org/mail-archive/web/tls/current/msg26670.html

> I also don't see the need to redefine curves from RFC 5639.
>
> I referred to RFC 5639 since it defines the Brainpool curve parameters
> first, without any relation to protocols.

yes, but the actual values of curve parameters don't have to be in the draft,
do they?

this I-D doesn't completely obsolete RFC 5639 so there is no need to duplicate
sections from the RFC, the I-D can just reference relevant sections from it

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls