"Supported groups" in RFC 8446 (TLS 1.3)

LUN

5/9/24, 6:08 PM

What is meant by "supported groups" in the section 4.2.7. "Supported Groups" of RFC 8446:
/* Finite Field Groups (DHE) */
ffdhe2048(0x0100), ffdhe3072(0x0101), etc:

Is the digits - 2048, 3072 (and groups) etc - are simply numbers of bits of the parameter p (module) in DF algorythm or something else ?

149

2 + 0

finite-field

diffie-hellman

Score:2

Crypto

poncho

5/9/24, 6:19 PM

Is the digits - 2048, 3072 (and groups) etc - are simply numbers of bits of the parameter p (module) in DF algorythm or something else ?

These names are references to the groups defined in RFC 7919; the actual digits refer to the number of bits within the prime modulus. For example, ffdhe2048 uses a 2048 bit prime modulus.

+ 1

LUN

5/9/24, 6:25 PM

Thank you very much!

Score:0

Crypto

Maarten Bodewes

5/9/24, 6:24 PM

They are referring to the parameters required to perform DH operations. For (EC)DH operations it takes a long time compute a set of secure parameters. Hence the parameters are "named" and then referenced using the name, an OID, or in the case of TLS, a set of two bytes (or one 16-bit word) that indicate the parameters used. This also cuts down on communication overhead, of course.

The key agreement operation is then performed with a non generic-public / private key value and the required set of parameters. This derives the master secret, the master key and finally the session keys that are used to encrypt the messages.

The standard itself references RFC 7919:

Finite Field Groups (DHE): Indicates support for the corresponding finite field group, defined in [RFC7919]. Values 0x01FC through 0x01FF are reserved for Private Use.

In particular Appendix A, which lists all the required parameters values for the various groups. The parameters themselves are usually present in the various cryptographic libraries and can be retrieved using a mapping name -> map of parameter values.

+ 1

LUN

5/9/24, 6:52 PM

Thank you very much!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: "Supported groups" in RFC 8446 (TLS 1.3)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.