Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: RFC Editor <email@example.com>, tls mailing list <firstname.lastname@example.org>, tls chair <email@example.com> Subject: Protocol Action: 'Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS' to Proposed Standard (draft-ietf-tls-negotiated-ff-dhe-10.txt) The IESG has approved the following document: - 'Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS' (draft-ietf-tls-negotiated-ff-dhe-10.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe/
Technical Summary Traditional finite-field-based Diffie-Hellman (DH) key exchange during the TLS handshake suffers from a number of security, interoperability, and efficiency shortcomings. These shortcomings arise from lack of clarity about which DH group parameters TLS servers should offer and clients should accept. This document offers a solution to these shortcomings for compatible peers by using a section of the TLS "EC Named Curve Registry" to establish common finite-field DH parameters with known structure and a mechanism for peers to negotiate support for these groups. Working Group Summary This was well debated in the WG and the idea is very well supported as it's a useful security improvement. Document Quality This has had plenty of review. I'm not sure if there are current implementations, but TLS1.3 will also adopt this approach so it will be implemented then at least and likely backported if that'st still needed. Personnel Sean Turner is the highly experienced document shepherd. Stephen Farrell is the irresponsible AD.