Re: [Cfrg] question about DH identity theft vulnerabilities
Paul Hoffman <paul.hoffman@vpnc.org> Mon, 28 February 2011 14:56 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: cfrg@core3.amsl.com
Delivered-To: cfrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D30603A6947 for <cfrg@core3.amsl.com>; Mon, 28 Feb 2011 06:56:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.559
X-Spam-Level:
X-Spam-Status: No, score=-100.559 tagged_above=-999 required=5 tests=[AWL=-0.372, BAYES_20=-0.74, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jLJPPt3VKeoX for <cfrg@core3.amsl.com>; Mon, 28 Feb 2011 06:56:41 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 2679F3A6938 for <cfrg@irtf.org>; Mon, 28 Feb 2011 06:56:41 -0800 (PST)
Received: from MacBook-08.local (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p1SEuPOt076402 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <cfrg@irtf.org>; Mon, 28 Feb 2011 07:56:26 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Message-ID: <4D6BB799.2060601@vpnc.org>
Date: Mon, 28 Feb 2011 06:56:25 -0800
From: Paul Hoffman <paul.hoffman@vpnc.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: cfrg@irtf.org
References: <7CC566635CFE364D87DC5803D4712A6C4CED25AF08@XCH-NW-10V.nw.nos.boeing.com> <20110228072410.GA3460@netbook.cypherspace.org>
In-Reply-To: <20110228072410.GA3460@netbook.cypherspace.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [Cfrg] question about DH identity theft vulnerabilities
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Feb 2011 14:56:41 -0000
I agree with Adam's interpretation of what the draft is trying to say. However, I think the draft calling it "identity theft" is a gross overstatement. In the common usage, "identity theft" means an attacker getting personally identifiable information that can be used to impersonate the attacked party. That is absolutely not what is happening in HIP. An attacker can find out the public key being used by the attacked party, and if that key comes with a string for matching (such as a domain name or IP address), the attacker gets that as well. Without the private key, the attacker has no way to use the identity information to impersonate the attacked party, period. If there is a concern that the identifying string somehow reveals information that can identify the party, then use strings that don't reveal such information. Either the relying party needs some good identifier for the protocol, or they don't. --Paul Hoffman
- [Cfrg] question about DH identity theft vulnerabi… Henderson, Thomas R
- Re: [Cfrg] question about DH identity theft vulne… Adam Back
- Re: [Cfrg] question about DH identity theft vulne… Paul Hoffman