Re: [Cfrg] Security proofs v DH backdoors

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 31 October 2016 09:46 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: David Adrian <davadria@umich.edu>, Hanno Böck <hanno@hboeck.de>, Dan Brown <danibrown@blackberry.com>
Date: Mon, 31 Oct 2016 09:45:58 +0000
Message-ID: <1477907157000.57264@cs.auckland.ac.nz>
References: <20161025131014.5709905.2866.6563@blackberry.com> <20161025133016.GA9081@LK-Perkele-V2.elisa-laajakaista.fi> <1477456366629.49872@cs.auckland.ac.nz> <44595.1477524032@eng-mail01.juniper.net> <20161027103214.5709905.11728.6650@blackberry.com> <20161027125120.4d260334@pc1> <1477647359860.49982@cs.auckland.ac.nz>, <CACf5n7-d1ox8DiFs+T9Qf73DO8kT09-y6sSqGL3OW-2+0SrPNg@mail.gmail.com>
In-Reply-To: <CACf5n7-d1ox8DiFs+T9Qf73DO8kT09-y6sSqGL3OW-2+0SrPNg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UOeMGNneIt5dY0GWy4RTiEEQ1DY>
Cc: CFRG <cfrg@irtf.org>
Subject: Re: [Cfrg] Security proofs v DH backdoors

David Adrian <davadria@umich.edu> writes:

>Could you point to some of these surveys?

Sure, see e.g. the paper referenced in the LTS draft, "TLS in the Wild: An
Internet-Wide Analysis of TLS-Based Protocols for Electronic Communication",
table IV, "Passive monitoring observed connections".  That's for the public
internet, for the non-public (SCADA/embedded/etc) there's no easy way to do a
survey like this so the info is all anecdotal, but there it's pretty much 1.0
all the way (probably helped by the fact that until quite recently that was
what was mandated by major standards like 62351-3.  It's OK though, there was
an addendum to say you were allowed to use AES with it).

Peter.
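Added example, not part of Peter Gutmann's message or of the "TLS in the Wild" paper he cites: the core of what a passive monitor has to do per connection to build a table like "observed connections by version" is to read the ServerHello and decide which protocol version was actually negotiated. The ServerHello records below are constructed fixtures (all-zero random, arbitrary cipher suites), not captured traffic, and the parser is my own. It also handles the caveat a practitioner hits first: a TLS 1.3 ServerHello carries legacy_version = 0x0303 and signals 1.3 only in the supported_versions extension, so a monitor that reads just the version field under-counts 1.3 and over-counts 1.2.

```python
"""Passive classification of the TLS version negotiated in a ServerHello.

Added example; ServerHello bytes are constructed test fixtures, not a
real capture. Only the standard library is used.
"""
import struct
from collections import Counter
from typing import Optional

VERSION_NAMES = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}
HANDSHAKE = 0x16                  # record content type
SERVER_HELLO = 0x02               # handshake message type
EXT_SUPPORTED_VERSIONS = 0x002B   # RFC 8446 extension type


def negotiated_version(record: bytes) -> str:
    """Return the protocol version a ServerHello record commits to.

    Walks record header -> handshake header -> ServerHello body and, if
    present, the supported_versions extension, which in a ServerHello
    holds the single selected_version and overrides legacy_version.
    """
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4 or body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")

    version = struct.unpack("!H", hello[0:2])[0]   # legacy_version
    pos = 2 + 32                                    # skip version + random
    sid_len = hello[pos]
    pos += 1 + sid_len                              # session_id
    pos += 2 + 1                                    # cipher_suite + compression
    if pos + 2 <= len(hello):                       # extensions are optional pre-1.3
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        if end > len(hello):
            raise ValueError("extensions overrun ServerHello")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + ext_len]
            pos += ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS and len(data) == 2:
                version = struct.unpack("!H", data)[0]  # selected_version
    return VERSION_NAMES.get(version, f"unknown(0x{version:04x})")


def build_server_hello(legacy_version: int, cipher: int,
                       selected: Optional[int] = None,
                       session_id: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record (fixture for the example)."""
    hello = struct.pack("!H", legacy_version) + bytes(32)   # zero random
    hello += bytes([len(session_id)]) + session_id
    hello += struct.pack("!H", cipher) + b"\x00"             # null compression
    if selected is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected)
        hello += struct.pack("!H", len(ext)) + ext
    hs = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE]) + struct.pack("!HH", legacy_version, len(hs)) + hs


# Constructed "observed connections": two TLS 1.0 servers of the kind the
# thread describes on SCADA networks, one TLS 1.2, one TLS 1.3.
OBSERVED = [
    build_server_hello(0x0301, cipher=0x002F),                        # TLS 1.0
    build_server_hello(0x0301, cipher=0x002F, session_id=b"\x11" * 32),
    build_server_hello(0x0303, cipher=0xC02F),                        # TLS 1.2
    build_server_hello(0x0303, cipher=0x1301, selected=0x0304),       # TLS 1.3
]


def tally(records) -> Counter:
    """Version distribution as a passive monitor should report it."""
    return Counter(negotiated_version(r) for r in records)


def naive_tally(records) -> Counter:
    """Version field only (bytes 9:11): misreports TLS 1.3 as TLS 1.2."""
    return Counter(VERSION_NAMES[struct.unpack("!H", r[9:11])[0]] for r in records)


if __name__ == "__main__":
    print("correct:", dict(tally(OBSERVED)))
    print("naive:  ", dict(naive_tally(OBSERVED)))
```

The two tallies differ only in the 1.3 connection, which is exactly the row a naive monitor gets wrong; the parser also rejects records that are not handshake records or whose length fields overrun the buffer rather than guessing.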