Re: [Anima-bootstrap] Crypto parameters [Re: a repost of summary]

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 06 July 2015 00:46 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima-bootstrap@ietf.org
In-Reply-To: <5599BCD2.1080306@gmail.com>
References: <11466.1435154789@sandelman.ca> <5599BCD2.1080306@gmail.com>
Date: Sun, 05 Jul 2015 20:46:37 -0400
Message-ID: <2824.1436143597@sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima-bootstrap/UBxKZnB4_MMdILVrBhw_offkH-0>
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > I'm in catch-up mode:
    > On 25/06/2015 02:06, Michael Richardson wrote:

    > ...
    >> it turns out there is an additional benefit in making the constrained
    >> node the TLS "Server" -- side. Specifically, it means that the
    >> selection of crypto parameters is done by the more constrained device,

    > Point taken, but isn't that also an exposure to a downgrade attack by a
    > bad actor pretending to be constrained in order to reduce algorithm or
    > key strength?

The bad actor would have to conduct a man-in-the-middle attack.
(If it's just pretending to be another device, then it's just some kind
of impersonation attack.)

Once the bad actor had done the MITM to substitute poorer crypto, the
initiator (the domain owner/registrar) would then have to incorrectly accept
a cipher that it didn't propose.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
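
The check the reply relies on, as an added example that is not part of the original message: the initiator (TLS client) compares the suite in the ServerHello against the list it sent in its own ClientHello and refuses anything it did not propose. The function names, the TLS 1.2 handshake layout without extensions, and the sample messages are assumptions constructed for illustration.

```python
import struct

def _hello_body(msg, expected_type):
    """Check the 4-byte handshake header; return (body, offset past session_id)."""
    msg_type, length = msg[0], int.from_bytes(msg[1:4], "big")
    if msg_type != expected_type or length != len(msg) - 4:
        raise ValueError("malformed handshake message")
    body = msg[4:]
    off = 2 + 32                  # version (2 bytes) + random (32 bytes)
    off += 1 + body[off]          # session_id length byte + session_id
    return body, off

def offered_suites(client_hello):
    """Set of cipher suite code points the initiator proposed."""
    body, off = _hello_body(client_hello, 1)       # 1 = ClientHello
    (n,) = struct.unpack_from("!H", body, off)     # list length in bytes
    return set(struct.unpack_from("!%dH" % (n // 2), body, off + 2))

def selected_suite(server_hello):
    """The single cipher suite the responder picked."""
    body, off = _hello_body(server_hello, 2)       # 2 = ServerHello
    return struct.unpack_from("!H", body, off)[0]

def check_selection(client_hello, server_hello):
    """Return the selected suite, or raise if it was never offered."""
    chosen = selected_suite(server_hello)
    if chosen not in offered_suites(client_hello):
        raise ValueError("illegal_parameter: suite 0x%04X was not offered" % chosen)
    return chosen

# Builders for constructed sample messages (all-zero random, empty session_id).
def make_client_hello(suites):
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += struct.pack("!%dH" % len(suites), *suites)
    body += b"\x01\x00"                            # null compression only
    return b"\x01" + len(body).to_bytes(3, "big") + body

def make_server_hello(suite):
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    ch = make_client_hello([0xC02B, 0xC0AE])       # two ECDHE-ECDSA AES-128 suites
    print(hex(check_selection(ch, make_server_hello(0xC0AE))))
    try:
        check_selection(ch, make_server_hello(0x000A))  # 3DES suite, never offered
    except ValueError as err:
        print(err)
```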