Regardless of the Raccoon attack, the static DH and ECDH ciphersuites do
not provide forward secrecy, which is a main reason cited for deprecating
RSA in draft-aviram-tls-deprecate-obsolete-kex.  Do you object to just the
citation of the Raccoon attack or do you also feel that we should keep
these ciphersuites that do not provide forward secrecy around?

Cheers,

Joe

On Fri, Aug 13, 2021 at 10:20 AM Blumenthal, Uri - 0553 - MITLL <
u...@ll.mit.edu> wrote:

> I agree with Rene’s points.
>
>
>
> --
>
> Regards,
>
> Uri
>
>
>
>
>
> *From:* TLS <tls-boun...@ietf.org> on behalf of Rene Struik <rstruik....@gmail.com>
> *Date:* Friday, August 13, 2021 at 09:58
>
> Dear colleagues:
>
>
>
> I think this document should absolutely *not* be adopted, without
> providing far more technical justification. The quoted Raccoon attack is an
> easy to mitigate attack (which has nothing to do with finite field groups,
> just with poor design choices of postprocessing, where one uses
> variable-size integer representations for a key). There are also good
> reasons to have key exchanges where one of the parties has a static key,
> whether ecc-based or ff-based (e.g., sni, opaque), for which secure
> implementations are known. No detail is provided and that alone should be
> sufficient reason to not adopt.
>
>
>
> Rene
>
>
>
> On 2021-07-29 5:50 p.m., Joseph Salowey wrote:
>
> This is a working group call for adoption for Deprecating FFDH(E)
> Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00
> <https://datatracker.ietf.org/doc/draft-bartle-tls-deprecate-ffdhe/>). We
> had a presentation for this draft at the IETF 110 meeting and since it is
> a similar topic to the key exchange deprecation draft the chairs want to
> get a sense if the working group wants to adopt this draft (perhaps the
> drafts could be merged if both move forward).  Please review the draft and
> post your comments to the list by Friday, August 13, 2021.
>
>
>
> Thanks,
>
>
>
> The TLS chairs
>
>
>
> _______________________________________________
>
> TLS mailing list
>
> TLS@ietf.org
>
> https://www.ietf.org/mailman/listinfo/tls
>
>
>
> --
>
> email: rstruik....@gmail.com | Skype: rstruik
>
> cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
>
>
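
The "variable-size integer representations for a key" mentioned in the quoted message, shown as an added example that is not part of the thread: TLS 1.2 strips leading zero bytes from the DH shared secret before using it as the premaster secret (RFC 5246, section 8.1.2), while TLS 1.3 pads it to the byte length of the prime (RFC 8446, section 7.4.1). The 32-bit prime, the generator, the exponents and all function names are constructed for illustration and are not a real TLS group.

```python
# Added illustration: variable-length vs fixed-length encoding of a DH shared secret.
# P, G and every exponent below are constructed toy values, not a real TLS group.
P = 0xFFFFFFFB  # 2**32 - 5, a 32-bit prime (toy size only)
G = 2
PRIME_LEN = (P.bit_length() + 7) // 8  # 4 bytes


def shared_secret(peer_public: int, private: int) -> int:
    """Finite-field DH: Z = peer_public ** private mod P."""
    return pow(peer_public, private, P)


def encode_stripped(z: int) -> bytes:
    """TLS 1.2 style: minimal big-endian form, leading zero bytes dropped."""
    return z.to_bytes(max(1, (z.bit_length() + 7) // 8), "big")


def encode_fixed(z: int) -> bytes:
    """TLS 1.3 style: always left-padded with zeros to the length of the prime."""
    return z.to_bytes(PRIME_LEN, "big")


def length_histogram(static_private: int, n_peers: int, encoder) -> dict:
    """Encoded-secret lengths seen by one static key across n_peers peer keys.

    With a reused (static) private key, each peer public value yields a new
    secret under the same exponent, so a length that depends on the secret's
    leading bytes becomes a property an observer of the KDF input size could
    measure repeatedly. A fixed-length encoding removes that dependence.
    """
    hist = {}
    for peer_private in range(2, 2 + n_peers):
        z = shared_secret(pow(G, peer_private, P), static_private)
        n = len(encoder(z))
        hist[n] = hist.get(n, 0) + 1
    return hist


if __name__ == "__main__":
    static_key = 0x1234567  # constructed static private exponent
    print("stripped:", length_histogram(static_key, 5000, encode_stripped))
    print("fixed:   ", length_histogram(static_key, 5000, encode_fixed))
```

With the stripped encoding the histogram has more than one length bucket; with the fixed encoding every secret occupies exactly `PRIME_LEN` bytes regardless of its value.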