[gnutls-devel] overall sec_param (weakest link) for a gnutls session?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Dec 4 15:52:10 CET 2013


On 12/04/2013 03:57 AM, Alfredo Pironti wrote:
> Indeed, an implementation could check whether the server prime is in a
> "white list" of known good primes. A bit like negotiating a named
> elliptic curve, or like SSH does by negotiating named DH groups. I
> actually don't understand why TLS leaves all this dangerous freedom,
> and does not allow negotiation of named groups; sounds a bit like
> those NSA-instilled bugs... ;-)

the more i learn about the underlying math and the protocol itself, the
more i agree with this sentiment.  I'm starting work on a DH negotiation
TLS extension that will include (and encourage) named groups; i hope to
publish a (i'm sure very rough) first draft for review in the TLS WG
sometime next week.  I would be very happy to get feedback or
collaboration on that if you're interested.

	--dkg
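
An added example, not part of the original message and not GnuTLS code: one way a client could apply the "white list" idea to the (p, g) a server sends, rebuilding two well-known primes from the formulas printed in RFC 2409 and RFC 3526. The function names, the choice of groups and the 2048-bit default floor are assumptions of this sketch.

```python
from typing import Optional

GUARD = 64  # extra fixed-point bits so truncation error never reaches the result

def arctan_inv(x: int, scale: int) -> int:
    """Approximate scale * arctan(1/x) with the alternating Taylor series."""
    power = total = scale // x
    x2, k, sign = x * x, 3, -1
    while power:
        power //= x2
        total += sign * (power // k)
        k, sign = k + 2, -sign
    return total

def pi_floor(bits: int) -> int:
    """floor(2**bits * pi) via Machin's formula, integer arithmetic only."""
    scale = 1 << (bits + GUARD)
    return (16 * arctan_inv(5, scale) - 4 * arctan_inv(239, scale)) >> GUARD

def modp_prime(bits: int, offset: int) -> int:
    """p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + ((pi_floor(bits - 130) + offset) << 64)

GROUP2_P = modp_prime(1024, 129093)   # RFC 2409 Oakley group 2
GROUP14_P = modp_prime(2048, 124476)  # RFC 3526 group 14

# Allow-list keyed by modulus; both groups use generator 2.
NAMED_GROUPS = {
    GROUP2_P: "RFC 2409 Oakley group 2 (1024-bit)",
    GROUP14_P: "RFC 3526 group 14 (2048-bit)",
}

def check_dh_params(p: int, g: int, min_bits: int = 2048) -> Optional[str]:
    """Return the group name when (p, g) is allow-listed and large enough, else None."""
    name = NAMED_GROUPS.get(p)
    if name is None or g != 2 or p.bit_length() < min_bits:
        return None
    return name

if __name__ == "__main__":
    # Constructed sample inputs standing in for server-supplied parameters.
    samples = [("group 14", GROUP14_P, 2), ("unknown modulus", GROUP14_P + 2, 2),
               ("group 2, below floor", GROUP2_P, 2)]
    for label, p, g in samples:
        print(f"{label}: {check_dh_params(p, g) or 'REJECT'}")
```

Being on the list is not sufficient on its own: the 1024-bit group is a known prime but is still rejected under the default size floor.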
