Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
RFC 7919

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>,
    tls mailing list <>,
    tls chair <>
Subject: Protocol Action: 'Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS' to Proposed Standard (draft-ietf-tls-negotiated-ff-dhe-10.txt)

The IESG has approved the following document:
- 'Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS'
  (draft-ietf-tls-negotiated-ff-dhe-10.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

   Traditional finite-field-based Diffie-Hellman (DH) key exchange
   during the TLS handshake suffers from a number of security,
   interoperability, and efficiency shortcomings.  These shortcomings
   arise from lack of clarity about which DH group parameters TLS
   servers should offer and clients should accept.  This document offers
   a solution to these shortcomings for compatible peers by using a
   section of the TLS "EC Named Curve Registry" to establish common
   finite-field DH parameters with known structure and a mechanism for
   peers to negotiate support for these groups.

Working Group Summary

   This was well debated in the WG and the idea is very
   well supported as it's a useful security improvement.

Document Quality

   This has had plenty of review. I'm not sure if there are
   current implementations, but TLS1.3 will also adopt
   this approach so it will be implemented then at least
   and likely backported if that'st still needed.


   Sean Turner is the highly experienced document shepherd. 
   Stephen Farrell is the irresponsible AD.