On Wed, Nov 09, 2005 at 10:11:30PM -0800, Douglas Stebila wrote: >> The IESG has received a request from the Transport Layer Security WG to >> consider the following document: >> >> - 'ECC Cipher Suites for TLS ' >> <draft-ietf-tls-ecc-12.txt> as an Informational RFC > I am reviewing the most recent ECC in TLS draft (draft-ietf-tls- > ecc-12.txt) for its adoption in Mozilla's Netscape Security Services > library, and have noted some issues that I believe should resolved > before the draft is approved as an Informational RFC. > 1. DES is listed as the encryption mechanism for one of the cipher > suites, namely TLS_ECDH_ECDSA_WITH_DES_CBC_SHA. No other key > agreement / signature combinations in the draft include the DES > cipher and I recommend that this cipher suite be eliminated. The ciphersuite list in draft-ietf-tls-ecc-12.txt combines five key exchange mechanisms (i.e., key agreement / signature combinations) with different symmetric cryptographic schemes. Each group uses the same symmetric schemes -- the only exception to the pattern is this single extra ciphersuite using DES. This ciphersuite is in the current draft by oversight. It was retained for historical reasons (compatibility with initial implementations based on earlier drafts), but there is no reason any longer to keep it. Thus I intend to make the following simple change in the next revision, draft-ietf-tls-ecc-13.txt: > The > small key size of DES makes it inappropriate for use with any named > elliptic curve in the draft. This would probably require renumbering > the cipher suites to maintain sequential numbering, and I recommend > changing the number of TLS_ECDH_ECDSA_WITH_NULL_SHA to 0xC0, 0x01 and > TLS_ECDH_ECDSA_WITH_RC4_128_SHA to 0xC0, 0x02, minimizing the total > number of changes required. I.e., the lines CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0, 0x00 } CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x01 } CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = { 0xC0, 0x02 } CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x03 } [...] will be changed into CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0, 0x01 } CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x02 } CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x03 } [...] > 2. It appears that there is an error in the name of one of the cipher > suites. All of the cipher suites using NULL for bulk encryption are > of the form "..._WITH_NULL_SHA", but the cipher suite > TLS_ECDH_anon_NULL_WITH_SHA is not named in a similar way. I > recommend changing its name to TLS_ECDH_anon_WITH_NULL_SHA. This typo also is historical in that it exists since draft revision -01 (there's just no excuse explaining it). I intend to change the line that reads CipherSuite TLS_ECDH_anon_NULL_WITH_SHA = { 0xC0, 0x15 } in draft-ietf-tls-ecc-12.txt into CipherSuite TLS_ECDH_anon_WITH_NULL_SHA = { 0xC0, 0x15 } for the next revision, draft-ietf-tls-ecc-13.txt. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf