Re: [Cfrg] Security proofs v DH backdoors
Tony Arcieri <bascule@gmail.com> Mon, 31 October 2016 18:59 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zEQ7vwq39KxDSbUni9A1usvS1vA>

On Mon, Oct 31, 2016 at 2:44 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> I don't know if you could call the small number of examples shown in various
> papers "massive", it's certainly a real issue, but hardly a major one
> affecting millions of systems.

I don't know about "millions" (it's hard to say without stats on internal TLS deployments which aren't visible from the Internet), but Logjam was pretty pervasive, and also one of the forcing factors for the PCI council to mandate TLS 1.1 at a minimum by 2018.

--
Tony Arcieri