Re: [kitten] draft-ietf-kitten-rfc4402bis-00 (was: Re: WGLC for three "bis" documents: draft-ietf-kitten-rfc4402bis-00, draft-ietf-kitten-rfc5653bis-01, draft-ietf-kitten-rfc6112bis-00)

Nico Williams <nico@cryptonector.com> Wed, 18 February 2015 03:40 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C2211A86EF for <kitten@ietfa.amsl.com>; Tue, 17 Feb 2015 19:40:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.044
X-Spam-Level:
X-Spam-Status: No, score=-1.044 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tnBaIBKK7zo6 for <kitten@ietfa.amsl.com>; Tue, 17 Feb 2015 19:40:58 -0800 (PST)
Received: from homiemail-a89.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 5F1391A86E3 for <kitten@ietf.org>; Tue, 17 Feb 2015 19:40:58 -0800 (PST)
Received: from homiemail-a89.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a89.g.dreamhost.com (Postfix) with ESMTP id 20F19318059 for <kitten@ietf.org>; Tue, 17 Feb 2015 19:40:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=uy2+zSDdxHyNX8zJZq2E 4vWWfXQ=; b=RTsT4L+/G6uCqyhZckTiro53Ovuv2W3n1hn2wTq9kERmUiZeOGrN BDprALjTpw+qp6O0XyTFGxkKAF+XpZXtHsSDriTvqzSTTDyY+fPBm8XYvlj1A1dN BuRzxs5Wd5HHBg9zwibWOJ5gCXnQJBDZzhQe/SlGq8qIbxHYEchwqHI=
Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a89.g.dreamhost.com (Postfix) with ESMTPSA id 0D82031805D for <kitten@ietf.org>; Tue, 17 Feb 2015 19:40:58 -0800 (PST)
Received: by iecrp18 with SMTP id rp18so30519856iec.9 for <kitten@ietf.org>; Tue, 17 Feb 2015 19:40:57 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.107.27.143 with SMTP id b137mr13976974iob.76.1424230857559; Tue, 17 Feb 2015 19:40:57 -0800 (PST)
Received: by 10.64.130.66 with HTTP; Tue, 17 Feb 2015 19:40:57 -0800 (PST)
In-Reply-To: <alpine.GSO.1.10.1502172140380.3953@multics.mit.edu>
References: <alpine.GSO.1.10.1501201753140.23489@multics.mit.edu> <54CE9F5B.9070808@mit.edu> <alpine.GSO.1.10.1502131258090.3953@multics.mit.edu> <54E2BFE4.4000003@oracle.com> <alpine.GSO.1.10.1502172140380.3953@multics.mit.edu>
Date: Tue, 17 Feb 2015 21:40:57 -0600
Message-ID: <CAK3OfOirmVgxgmW7LzO18yuC8ZFCHJs2HsB4wK-0bxpNSAFGuw@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/AsPXHCG6B65HtFBEKScUNdb1ABs>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] draft-ietf-kitten-rfc4402bis-00 (was: Re: WGLC for three "bis" documents: draft-ietf-kitten-rfc4402bis-00, draft-ietf-kitten-rfc5653bis-01, draft-ietf-kitten-rfc6112bis-00)
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Feb 2015 03:40:59 -0000

On Tue, Feb 17, 2015 at 8:43 PM, Benjamin Kaduk <kaduk@mit.edu>; wrote:
> On Mon, 16 Feb 2015, Shawn M Emery wrote:
>> Thanks for your review, comments in-line...
>> On 02/13/15 11:16 AM, Benjamin Kaduk wrote:
>>
>> > The original RFC 4402 security considerations include:
>> >
>> >     [...] if an
>> >     application can be tricked into providing very large input octet
>> >     strings and requesting very long output octet strings, then that may
>> >     constitute a denial of service attack on the application; therefore,
>> >     applications SHOULD place appropriate limits on the size of any input
>> >     octet strings received from their peers without integrity protection.
>> >
>> > It is not clear to me that integrity protection is sufficient to alleviate
>> > the denial of service attack, since verifying the message integrity may
>> > itself consume a substantial amount of resources.
>>
>> I interpret this statement differently:
>>
>>     If integrity protection is not enforced then an attacker can construct an
>> arbitrarily long string.
>
>
> Woudln't the attacker be able to do that without needing a very large
> input string, though?  I guess the claims it that each individual
> pseudo-random() call is more expensive on a long input, so your
> interpretation is still plausible.

I think the original was about use of the PRF to bind something like,
say, a TLS handshake.  Now suppose you send such messages that are
very large prior to completing authentication.

Anyways, it's not a realistic problem.  I think that was stretching to
cover what in retrospect strikes me as a non-issue.

Nico
--