RE: [TLS] Any advice regarding frequency of generating new DHparameters?

<Pasi.Eronen@nokia.com> Mon, 18 December 2006 09:53 UTC

Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24038C7890@esebe105.NOE.Nokia.com>
In-Reply-To: <45834428.70801@pobox.com>
From: Pasi.Eronen@nokia.com
To: mike-list@pobox.com, tls@ietf.org

Hi Mike,

Protocols such as IKEv2 use the same modulus (p) and generator (g)
forever (but of course generate new public/private values), since 
they don't actually send the p/g values, but just the group number.

IMHO it probably would make sense for a TLS implementation to use 
one of the groups specified in RFC 4306 or 3526, instead of e.g. 
generating a random prime p (generating random primes is kind of 
slow, and then you have to worry about RFC 2785 etc.). 

(Would others agree with this recommendation? Should we add it 
to the TLS 1.2 spec?)

Best regards,
Pasi 

> -----Original Message-----
> From: ext Mike [mailto:mike-list@pobox.com] 
> Sent: 16 December, 2006 02:56
> To: tls@ietf.org
> Subject: [TLS] Any advice regarding frequency of generating 
> new DHparameters?
> 
> Hi,
> 
> I'm wondering if there is any generally accepted advice
> on how long to use the same Diffie-Hellman parameters in
> a TLS server.  Does the answer depend on whether the
> server generates a new public key from the parameters
> for each new connection (mine does)?
> 
> Thanks for any insight,
> 
> Mike
> 
> _______________________________________________
> TLS mailing list
> TLS@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/tls
> 

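The recommendation in Pasi's reply (keep p and g fixed, pick a published group such as one from RFC 3526, and only generate fresh private/public values per connection) worked through as an added example. This is not code from the original thread or from any IETF document; it is a Python 3 sketch using only the standard library. The group constant is the 2048-bit MODP group (IKE group 14) as published in RFC 3526 with generator 2; the Miller-Rabin round count, the function names and the simulated two-party exchange are this example's own choices. It also shows the cheap per-connection check on the peer's public value that the RFC 2785 small-subgroup concern calls for, which is what a safe-prime group makes possible in the first place.

```python
# Added example (not from the original message or any IETF document): fixed,
# well-known safe-prime DH group, validated once at startup; fresh key pair
# per connection; peer public value checked before use. Standard library only.
import secrets

# RFC 3526, 2048-bit MODP group (IKE group 14). Generator is 2.
_MODP_2048_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
MODP_2048_P = int("".join(_MODP_2048_HEX.split()), 16)
MODP_2048_G = 2


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin probabilistic primality test (round count is this
    example's choice; raise it for a production startup check)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p: int, g: int) -> bool:
    """Run once at startup: p must be a safe prime (q = (p-1)/2 also prime)
    and g must generate the order-q subgroup. With a safe prime the only
    subgroups have order 1, 2, q or 2q, which is what makes the cheap
    per-connection peer check in validate_peer_public sufficient."""
    if p.bit_length() < 2048 or p % 2 == 0 or not 2 <= g <= p - 2:
        return False
    q = (p - 1) // 2
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return False
    return pow(g, q, p) == 1


def generate_keypair(p: int, g: int) -> "tuple[int, int]":
    """Fresh private exponent x in [1, q-1] and public value y = g^x mod p.
    Called for every connection; p and g never change."""
    q = (p - 1) // 2
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def validate_peer_public(p: int, y: int) -> bool:
    """Reject values outside [2, p-2] or outside the order-q subgroup
    (the invalid-value / small-subgroup cases RFC 2785 warns about)."""
    if not 2 <= y <= p - 2:
        return False
    return pow(y, (p - 1) // 2, p) == 1


def shared_secret(p: int, x: int, peer_y: int) -> int:
    """Raw DH shared secret; a real handshake feeds this into a KDF."""
    if not validate_peer_public(p, peer_y):
        raise ValueError("invalid peer public value")
    return pow(peer_y, x, p)


def run_exchange(p: int = MODP_2048_P, g: int = MODP_2048_G) -> bool:
    """One simulated handshake over the fixed group: both sides must
    derive the same secret from fresh per-connection key pairs."""
    xa, ya = generate_keypair(p, g)
    xb, yb = generate_keypair(p, g)
    return shared_secret(p, xa, yb) == shared_secret(p, xb, ya)


if __name__ == "__main__":
    if not validate_group(MODP_2048_P, MODP_2048_G):
        raise SystemExit("group constant failed validation")
    print("group ok; exchange agrees:", run_exchange())
```

The group validation is the expensive part and runs once; everything done per connection is a handful of modular exponentiations. Because p is a fixed published constant, validate_group is really a guard against a corrupted or mistyped constant rather than something that needs to run on every start, and an implementation that hardcodes the group could equally run it in a unit test.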