On Wed, Nov 09, 2005 at 10:11:30PM -0800, Douglas Stebila wrote:
The IESG has received a request from the Transport Layer Security WG to
consider the following document:
- 'ECC Cipher Suites for TLS '
<draft-ietf-tls-ecc-12.txt> as an Informational RFC
I am reviewing the most recent ECC in TLS draft (draft-ietf-tls-
ecc-12.txt) for its adoption in Mozilla's Netscape Security Services
library, and have noted some issues that I believe should resolved
before the draft is approved as an Informational RFC.
1. DES is listed as the encryption mechanism for one of the cipher
suites, namely TLS_ECDH_ECDSA_WITH_DES_CBC_SHA. No other key
agreement / signature combinations in the draft include the DES
cipher and I recommend that this cipher suite be eliminated.
The ciphersuite list in draft-ietf-tls-ecc-12.txt combines five key
exchange mechanisms (i.e., key agreement / signature combinations)
with different symmetric cryptographic schemes. Each group uses the
same symmetric schemes -- the only exception to the pattern is this
single extra ciphersuite using DES.
This ciphersuite is in the current draft by oversight. It was
retained for historical reasons (compatibility with initial
implementations based on earlier drafts), but there is no reason any
longer to keep it. Thus I intend to make the following simple change
in the next revision, draft-ietf-tls-ecc-13.txt:
The
small key size of DES makes it inappropriate for use with any named
elliptic curve in the draft. This would probably require renumbering
the cipher suites to maintain sequential numbering, and I recommend
changing the number of TLS_ECDH_ECDSA_WITH_NULL_SHA to 0xC0, 0x01 and
TLS_ECDH_ECDSA_WITH_RC4_128_SHA to 0xC0, 0x02, minimizing the total
number of changes required.
I.e., the lines
CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0, 0x00 }
CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x01 }
CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = { 0xC0, 0x02 }
CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x03 }
[...]
will be changed into
CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0, 0x01 }
CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x02 }
CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x03 }
[...]
2. It appears that there is an error in the name of one of the cipher
suites. All of the cipher suites using NULL for bulk encryption are
of the form "..._WITH_NULL_SHA", but the cipher suite
TLS_ECDH_anon_NULL_WITH_SHA is not named in a similar way. I
recommend changing its name to TLS_ECDH_anon_WITH_NULL_SHA.
This typo also is historical in that it exists since draft revision
-01 (there's just no excuse explaining it). I intend to change the
line that reads
CipherSuite TLS_ECDH_anon_NULL_WITH_SHA = { 0xC0, 0x15 }
in draft-ietf-tls-ecc-12.txt into
CipherSuite TLS_ECDH_anon_WITH_NULL_SHA = { 0xC0, 0x15 }
for the next revision, draft-ietf-tls-ecc-13.txt.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf