Re: [TLS] Any advice regarding frequency of generating new DHparameters?
Mike <mike-list@pobox.com> Mon, 18 December 2006 17:06 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwLwh-0003Mu-Gs; Mon, 18 Dec 2006 12:06:35 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwLwe-0003MW-Dv for tls@ietf.org; Mon, 18 Dec 2006 12:06:32 -0500
Received: from rune.pobox.com ([208.210.124.79]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwLwc-0002yz-4l for tls@ietf.org; Mon, 18 Dec 2006 12:06:32 -0500
Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id AC1029E6A6 for <tls@ietf.org>; Mon, 18 Dec 2006 12:06:49 -0500 (EST)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 63A8D9E67B for <tls@ietf.org>; Mon, 18 Dec 2006 12:06:49 -0500 (EST)
Message-ID: <4586CACF.6020907@pobox.com>
Date: Mon, 18 Dec 2006 09:07:27 -0800
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] Any advice regarding frequency of generating new DHparameters?
References: <B356D8F434D20B40A8CEDAEC305A1F24038C7890@esebe105.NOE.Nokia.com>
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F24038C7890@esebe105.NOE.Nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Thanks for the reply and pointers to the RFC's. In RFC 3526 they estimate the strength of their DH groups, and the strength of the 1536-bit modulus is estimated to be between 90 and 120 bits. Since 1024 bits is common in TLS, the strength would be somewhat lower than that. The RSA key exchange method uses 368 bits of random data which seems much stronger. Should we recommend using larger moduli in the Diffie-Hellman key exchange methods? And should we encourage checking the size of the ServerDHParams.p when acting as a client to make sure it is not too small? Also, how safe is it to use the DH key exchange method, since the public key(s) are fixed in the certificate(s)? Mike Pasi.Eronen@nokia.com wrote: > Hi Mike, > > Protocols such as IKEv2 use the same modulus (p) and generator (g) > forever (but of course generate new public/private values), since > they don't actually send the p/g values, but just the group number. > > IMHO it probably would make sense for a TLS implementation to use > one of the groups specified in RFC 4306 or 3526, instead of e.g. > generating a random prime p (generating random primes is kind of > slow, and then you have to worry about RFC 2785 etc.). > > (Would others agree with this recommendation? Should we add it > to the TLS 1.2 spec?) > > Best regards, > Pasi > >> -----Original Message----- >> From: ext Mike [mailto:mike-list@pobox.com] >> Sent: 16 December, 2006 02:56 >> To: tls@ietf.org >> Subject: [TLS] Any advice regarding frequency of generating >> new DHparameters? >> >> Hi, >> >> I'm wondering if there is any generally accepted advice >> on how long to use the same Diffie-Hellman parameters in >> a TLS server. Does the answer depend on whether the >> server generates a new public key from the parameters >> for each new connection (mine does)? >> >> Thanks for any insight, >> >> Mike >> >> _______________________________________________ >> TLS mailing list >> TLS@lists.ietf.org >> https://www1.ietf.org/mailman/listinfo/tls >> > > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls