[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] TLS 1.1 and static DH

To: Jan Nordqvist <jnordqvist@xxxxxxxxxx>
Subject: Re: [TLS] TLS 1.1 and static DH
From: Rob Dugal <RDugal@xxxxxxxxxxxx>
Date: Thu, 16 Nov 2006 12:35:26 -0500
Cc: tls@xxxxxxxx
In-reply-to: <454280DA.10000@xxxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>

tls.secg.org has been updated to support DH ciphersuites.
The server now supports all ciphersuites (except PSK) of the Security Builder SSL-C product.

-----------------------------------------------
Robert Dugal
Member of Development Group
Certicom Corp.
EMAIL: rdugal@xxxxxxxxxxxx
PHONE: (905) 501-3848
FAX : (905) 507-4230
WEBSITE: www.certicom.com

Jan Nordqvist <jnordqvist@xxxxxxxxxx> wrote on 10/27/2006 05:57:46 PM: > Well, since at least we went through the effort of implementing them it > would be nice to test them out too... > OTOH, if no one else implements or uses them, they may be of little use > in the real world. In any case, we are interested to get through > testing, preferably both client and server side. > > Jan Nordqvist > Lucent Technologies > > Rob Dugal wrote: > > > > The Certicom SSL-C product does contain implementations of static DH > > ciphersuites. > > We don't currently have a public server available for testing this > > implementation. > > If there is enough interest we can add these ciphersuites to tls.secg.org > > > > > > ----------------------------------------------- > > Robert Dugal > > Member of Development Group > > Certicom Corp. > > EMAIL: rdugal@xxxxxxxxxxxx > > PHONE: (905) 501-3848 > > FAX : (905) 507-4230 > > WEBSITE: www.certicom.com > > > > <Pasi.Eronen@xxxxxxxxx> wrote on 10/27/2006 05:30:31 AM: > > > > > Peter Gutmann wrote: > > > > > > > So perhaps the best option for TLS is to deprecate the static DH > > > > suites. They seem to be pretty much entirely unsupported, and even > > > > if you did want to support them you'd end up in a quagmire from > > > > which extrication would prove difficult. > > > > > > This question may become important if we want to progress TLS 1.2 to > > > Draft Standard, where we need two interoperable implementations for > > > every feature. > > > > > > Based on the discussion so far, it looks like static DH suites might > > > be one feature where meeting that bar could be difficult. > > > > > > Any opinions from the WG about this? Should we e.g. remove static > > > DH suites from TLS 1.2, move them to a separate document, or > > > something else? > > > > > > Best regards, > > > Pasi > > > > > > _______________________________________________ > > > TLS mailing list > > > TLS@xxxxxxxxxxxxxx > > > https://www1.ietf.org/mailman/listinfo/tls > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > TLS mailing list > > TLS@xxxxxxxxxxxxxx > > https://www1.ietf.org/mailman/listinfo/tls > > > > > _______________________________________________ > TLS mailing list > TLS@xxxxxxxxxxxxxx > https://www1.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS 1.1 and static DH
  - From: Jan Nordqvist

References:
- Re: [TLS] TLS 1.1 and static DH
  - From: Jan Nordqvist

Prev by Date: [TLS] TLS minutes
Next by Date: Re: [TLS] TLS 1.1 and static DH
Previous by thread: Re: [TLS] TLS 1.1 and static DH
Next by thread: Re: [TLS] TLS 1.1 and static DH
Index(es):
- Date
- Thread