Re: [TLS] Last Call: 'ECC Cipher Suites for TLS' to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 09, 2005 at 10:11:30PM -0800, Douglas Stebila wrote:

>> The IESG has received a request from the Transport Layer Security WG to
>> consider the following document:
>> 
>> - 'ECC Cipher Suites for TLS '
>>    <draft-ietf-tls-ecc-12.txt> as an Informational RFC

> I am reviewing the most recent ECC in TLS draft (draft-ietf-tls- 
> ecc-12.txt) for its adoption in Mozilla's Netscape Security Services  
> library, and have noted some issues that I believe should resolved  
> before the draft is approved as an Informational RFC.


> 1. DES is listed as the encryption mechanism for one of the cipher  
> suites, namely TLS_ECDH_ECDSA_WITH_DES_CBC_SHA.  No other key  
> agreement / signature combinations in the draft include the DES  
> cipher and I recommend that this cipher suite be eliminated.

The ciphersuite list in draft-ietf-tls-ecc-12.txt combines five key
exchange mechanisms (i.e., key agreement / signature combinations)
with different symmetric cryptographic schemes.  Each group uses the
same symmetric schemes -- the only exception to the pattern is this
single extra ciphersuite using DES.

This ciphersuite is in the current draft by oversight.  It was
retained for historical reasons (compatibility with initial
implementations based on earlier drafts), but there is no reason any
longer to keep it.  Thus I intend to make the following simple change
in the next revision, draft-ietf-tls-ecc-13.txt:

>                                                               The  
> small key size of DES makes it inappropriate for use with any named  
> elliptic curve in the draft.  This would probably require renumbering  
> the cipher suites to maintain sequential numbering, and I recommend  
> changing the number of TLS_ECDH_ECDSA_WITH_NULL_SHA to 0xC0, 0x01 and  
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA to 0xC0, 0x02, minimizing the total  
> number of changes required.

I.e., the lines

     CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA           = { 0xC0, 0x00 }
     CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA        = { 0xC0, 0x01 }
     CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA        = { 0xC0, 0x02 }
     CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   = { 0xC0, 0x03 }
     [...]

will be changed into

     CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA           = { 0xC0, 0x01 }
     CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA        = { 0xC0, 0x02 }
     CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   = { 0xC0, 0x03 }
     [...]



> 2. It appears that there is an error in the name of one of the cipher  
> suites.  All of the cipher suites using NULL for bulk encryption are  
> of the form "..._WITH_NULL_SHA", but the cipher suite  
> TLS_ECDH_anon_NULL_WITH_SHA is not named in a similar way.  I  
> recommend changing its name to TLS_ECDH_anon_WITH_NULL_SHA.

This typo also is historical in that it exists since draft revision
-01 (there's just no excuse explaining it).  I intend to change the
line that reads

     CipherSuite TLS_ECDH_anon_NULL_WITH_SHA            = { 0xC0, 0x15 }

in draft-ietf-tls-ecc-12.txt into

     CipherSuite TLS_ECDH_anon_WITH_NULL_SHA            = { 0xC0, 0x15 }

for the next revision, draft-ietf-tls-ecc-13.txt.


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]