[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] TLS 1.1 and static DH

To: Rob Dugal <RDugal@xxxxxxxxxxxx>
Subject: Re: [TLS] TLS 1.1 and static DH
From: Jan Nordqvist <jnordqvist@xxxxxxxxxx>
Date: Fri, 27 Oct 2006 14:57:46 -0700
Cc: tls@xxxxxxxx
In-reply-to: <OF4648D5A1.3BB39402-ON85257214.00499215-85257214.004A0A52@xxxxxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <OF4648D5A1.3BB39402-ON85257214.00499215-85257214.004A0A52@xxxxxxxxxxxx>
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Well, since at least we went through the effort of implementing them itwould be nice to test them out too...OTOH, if no one else implements or uses them, they may be of little usein the real world. In any case, we are interested to get throughtesting, preferably both client and server side.


Jan Nordqvist
Lucent Technologies

Rob Dugal wrote:

The Certicom SSL-C product does contain implementations of static DHciphersuites.We don't currently have a public server available for testing thisimplementation.

If there is enough interest we can add these ciphersuites to tls.secg.org


-----------------------------------------------
Robert Dugal
Member of Development Group
Certicom Corp.
EMAIL: rdugal@xxxxxxxxxxxx
PHONE: (905) 501-3848
FAX  : (905) 507-4230
WEBSITE: www.certicom.com

<Pasi.Eronen@xxxxxxxxx> wrote on 10/27/2006 05:30:31 AM:

> Peter Gutmann wrote:
>
> > So perhaps the best option for TLS is to deprecate the static DH
> > suites.  They seem to be pretty much entirely unsupported, and even
> > if you did want to support them you'd end up in a quagmire from
> > which extrication would prove difficult.
>
> This question may become important if we want to progress TLS 1.2 to
> Draft Standard, where we need two interoperable implementations for
> every feature.
>
> Based on the discussion so far, it looks like static DH suites might
> be one feature where meeting that bar could be difficult.
>
> Any opinions from the WG about this? Should we e.g. remove static
> DH suites from TLS 1.2, move them to a separate document, or
> something else?
>
> Best regards,

> Pasi>

> _______________________________________________
> TLS mailing list
> TLS@xxxxxxxxxxxxxx
> https://www1.ietf.org/mailman/listinfo/tls
------------------------------------------------------------------------

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls



_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS 1.1 and static DH
  - From: Rob Dugal

References:
- RE: [TLS] TLS 1.1 and static DH
  - From: Rob Dugal

Prev by Date: RE: [TLS] TLS 1.1 and static DH
Next by Date: [TLS] DTLS and GSS-API
Previous by thread: RE: [TLS] TLS 1.1 and static DH
Next by thread: Re: [TLS] TLS 1.1 and static DH
Index(es):
- Date
- Thread