[kitten] RFC4556 defines MODP group 2 as MTI for PKINIT

Julien Rische <jrische@redhat.com> Fri, 10 February 2023 10:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/NIAWaYp2Aoceqbq6LkzpDi_sOok>

Hello all,

While working on a PKINIT interoperability issue[1] between Heimdal and MIT
krb5, I realized OpenSSL was not supporting Diffie-Hellman MODP group 2[2][3].

RFC4556[4] defines MODP groups 2 and 14[5] support as mandatory, while group
16[6] is optional. MIT krb5 supports the three of them and uses group 14 by
default, while Heimdal supports the two mandatory groups (2 and 14), and uses
group 2 by default.

MS-PKCA[7] does not mention which groups are supported by Active Directory. I
did some tests: group 14 works, but not group 16. It fails with MIT krb5 using
group 2, but I am not sure if this failure means it is not supported by AD or
if the error is coming from OpenSSL. I tried to test it with Heimdal, but I
didn't manage to get the configuration right.

I do not know when MODP group 2 support was dropped in OpenSSL. Actually I
doubt it has ever been supported, since it is not part of the original set of
supported well-known groups[8].

I had some exchanges with OpenSSL developers about this issue, and I have some
doubts they will agree to implement support for MODP group 2 as it is now
considered outdated. I opened an OpenSSL feature request[9] too.

To this day, Heimdal's default MODP group has not been switched to group 14
yet[10].

On top of that, there are ongoing plans to deprecate IKEv1 formally in an RFC:

 "IKEv1 systems most likely do not support modern algorithms such as AES-GCM or
  CHACHA20_POLY1305 and quite often only support or have been configured to use
  the very weak DiffieHellman Groups 2 and 5."[11]

 "[...] interoperability concerns mean that the defacto algorithms negotiated
  by IKEv1 will consist of dated or deprecated algorithms like AES-CBC, SHA1,
  and Diffie-Hellman groups 1 or 2."[12]

In this context I am wondering if it is still relevant to keep MODP group 2 as
MTI. Shouldn't we write an RFC to make its support optional and deprecate it?
Maybe even make support for some stronger groups mandatory?

--
Julien Rische
Software Engineer
Red Hat


[1] https://bugzilla.redhat.com/show_bug.cgi?id=2106296
[2] https://datatracker.ietf.org/doc/html/rfc2412#appendix-E.2
[3] https://datatracker.ietf.org/doc/html/rfc2409#section-6.2
[4] https://datatracker.ietf.org/doc/html/rfc4556#page-13
[5] https://datatracker.ietf.org/doc/html/rfc3526#section-3
[6] https://datatracker.ietf.org/doc/html/rfc3526#section-5
[7] https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-PKCA/[MS-PKCA]-211006.pdf
[8] https://github.com/openssl/openssl/pull/4485/files#diff-7cee78cf63720ce0328619f0ac9753ab1f4db09cd13df459694225d0101ed857R2149-R2153
[9] https://github.com/openssl/openssl/issues/18981
[10] https://github.com/heimdal/heimdal/issues/1003
[11] https://datatracker.ietf.org/doc/html/draft-pwouters-ikev1-ipsec-graveyard-00#section-3
[12] https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-ikev1-algo-to-historic#section-3
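
Added example, not part of the original message and not code from MIT krb5, Heimdal or OpenSSL: when checking which MODP group a PKINIT peer offers, the three primes discussed above can be rebuilt from the closed-form definition in RFC 2409 and RFC 3526 and matched against the prime taken from the request. The function names are hypothetical, and the caller is assumed to have already extracted the prime p as an integer.

```python
"""Identify which PKINIT MODP group a Diffie-Hellman prime belongs to."""

GUARD = 64  # extra fixed-point bits so the final floor is exact


def _atan_inv(x, one):
    """arctan(1/x) scaled by `one`, via the alternating Taylor series."""
    term = one // x
    total, n, sign, x2 = term, 1, 1, x * x
    while term:
        term //= x2
        n += 2
        sign = -sign
        total += sign * (term // n)
    return total


def pi_floor(k):
    """floor(2**k * pi) using Machin's formula in integer arithmetic."""
    one = 1 << (k + GUARD)
    return (16 * _atan_inv(5, one) - 4 * _atan_inv(239, one)) >> GUARD


def oakley_prime(bits, c):
    """p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + c)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + ((pi_floor(bits - 130) + c) << 64)


# group -> (modulus bits, constant from RFC 2409 / RFC 3526,
#           RFC 4556 status as described in the message above)
GROUPS = {
    2: (1024, 129093, "mandatory"),
    14: (2048, 124476, "mandatory"),
    16: (4096, 240904, "optional"),
}
PRIMES = {oakley_prime(bits, c): g for g, (bits, c, _) in GROUPS.items()}


def identify(p):
    """Return (group, bits, status) for a known prime, else None."""
    group = PRIMES.get(p)
    if group is None:
        return None
    bits, _, status = GROUPS[group]
    return group, bits, status


if __name__ == "__main__":
    for p in PRIMES:
        print(identify(p), hex(p)[2:18], "...", hex(p)[-32:])
```

A prime that returns None is not one of the three groups RFC 4556 names.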