Re: [Cfrg] Security proofs v DH backdoors

Tony Arcieri <bascule@gmail.com> Mon, 31 October 2016 18:59 UTC

From: Tony Arcieri <bascule@gmail.com>
Date: Mon, 31 Oct 2016 11:59:20 -0700
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: CFRG <cfrg@irtf.org>
Message-ID: <CAHOTMVLJup1kzRWiargq-jh8wb+oynSTVZ8HAEQCb4ysk9ozfA@mail.gmail.com>
In-Reply-To: <1477907089090.8356@cs.auckland.ac.nz>
References: <20161025131014.5709905.2866.6563@blackberry.com> <20161025133016.GA9081@LK-Perkele-V2.elisa-laajakaista.fi> <1477456366629.49872@cs.auckland.ac.nz> <44595.1477524032@eng-mail01.juniper.net> <20161027103214.5709905.11728.6650@blackberry.com> <20161027125120.4d260334@pc1> <1477647359860.49982@cs.auckland.ac.nz> <CAHOTMVJprJ0HAXLcvdzeSW8N99L-_43Gh7vEqL4Z=T541TVnSQ@mail.gmail.com> <1477907089090.8356@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zEQ7vwq39KxDSbUni9A1usvS1vA>

On Mon, Oct 31, 2016 at 2:44 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> I don't know if you could call the small number of examples shown in
> various papers "massive", it's certainly a real issue, but hardly a major
> one affecting millions of systems.

I don't know about "millions" (it's hard to say without stats on internal
TLS deployments which aren't visible from the Internet), but Logjam was
pretty pervasive, and also one of the forcing factors for the PCI council
to mandate TLS 1.1 at a minimum by 2018.

-- 
Tony Arcieri