Re: [Lurk] Lurk: new undetectable backdoor possibility?
"Diego R. Lopez" <diego.r.lopez@telefonica.com> Thu, 30 June 2016 12:58 UTC
Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: lurk@ietfa.amsl.com
Delivered-To: lurk@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F83E12D0DA for <lurk@ietfa.amsl.com>; Thu, 30 Jun 2016 05:58:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.027
X-Spam-Level:
X-Spam-Status: No, score=-4.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nU7CRX7Q-Ios for <lurk@ietfa.amsl.com>; Thu, 30 Jun 2016 05:58:34 -0700 (PDT)
Received: from smtpjc.telefonica.com (smtpjc.telefonica.com [81.47.204.76]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32FCB12D08E for <lurk@ietf.org>; Thu, 30 Jun 2016 05:58:34 -0700 (PDT)
Received: from smtpjc.telefonica.com (localhost6.localdomain6 [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 01D541B87B8; Thu, 30 Jun 2016 14:58:31 +0200 (CEST)
Received: from ESTGVMSP112.EUROPE.telefonica.corp (unknown [10.92.4.9]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "ESTGVMSP112", Issuer "ESTGVMSP112" (not verified)) by smtpjc.telefonica.com (Postfix) with ESMTPS id DC3061B879E; Thu, 30 Jun 2016 14:58:30 +0200 (CEST)
Received: from emea01-am1-obe.outbound.protection.outlook.com (10.92.5.139) by tls.telefonica.com (10.93.6.54) with Microsoft SMTP Server (TLS) id 14.3.266.1; Thu, 30 Jun 2016 14:58:29 +0200
Received: from DB6PR0601MB2167.eurprd06.prod.outlook.com (10.168.57.26) by DB6PR0601MB2166.eurprd06.prod.outlook.com (10.168.57.25) with Microsoft SMTP Server (TLS) id 15.1.523.4; Thu, 30 Jun 2016 12:55:26 +0000
Received: from DB6PR0601MB2167.eurprd06.prod.outlook.com ([10.168.57.26]) by DB6PR0601MB2167.eurprd06.prod.outlook.com ([10.168.57.26]) with mapi id 15.01.0523.019; Thu, 30 Jun 2016 12:55:26 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: Dmitry Belyavsky <beldmit@gmail.com>
Thread-Topic: [Lurk] Lurk: new undetectable backdoor possibility?
Thread-Index: AQHR0rlpXpCKA80ZFke2w81/P9agHKAB6ZYAgAAFq4CAAAiggA==
Date: Thu, 30 Jun 2016 12:55:26 +0000
Message-ID: <C8B111DA-7EE7-4BE8-A8FB-F867FFC447F0@telefonica.com>
References: <CADqLbzJfoW2Ta5wUKi35CAn97MoGsDAVkVWSyUu-iEgocA_=qA@mail.gmail.com> <D39AC438.6B266%thomas.fossati@alcatel-lucent.com> <CADqLbzKO+_qRvnPcnBAZ3R8GbCuUsvX6pOMuJD_f8JzVDVPdQg@mail.gmail.com>
In-Reply-To: <CADqLbzKO+_qRvnPcnBAZ3R8GbCuUsvX6pOMuJD_f8JzVDVPdQg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [195.97.38.51]
x-ms-office365-filtering-correlation-id: 8196a872-84ec-4276-baea-08d3a0e5cebe
x-microsoft-exchange-diagnostics: 1; DB6PR0601MB2166; 6:/7qukvVLj6K0xrgvNun39eqr+ACVueTcjqpiRuskissjV4H47Uf/aWb02J1DyT5QhCWpT4ziLOQ8INsTLDfgzma9fz8ZdFPSRqLWCTGI0F0K/LT/QwWwsTzGooIMCdO60eMgzj5RV6n3LpM8/lXJM2C2yj4rEyKn4Il9jvMJjZ6BWdMeRK6cZx7vedXrniCtH4vzGWLM3KzO/3ECnFo+JQJIHJeu2nKmF74raa/o7bdGP3Np/owa7HdH5N39Dq+ZQoFZdkVscGgd988UR2/WrXu/Cn2gsvpxvFyiVQLieJVP1uyXKqY0Fq/D6b7UhDXu; 5:whfmQpCal9CnQhO9V8VLvqFNbiBsFM/2dKnOtm7sJ1rgR7+WPEgf+xDwpXOhdYwXfTg2tjAvN3/h42gHgBXtuCOKviGbVdGOn/TuvxYQsX40BejCpO5srYZftN14QlfWHPo4ijcEA9nk50T2xj3ndQ==; 24:mNZhmseoAd/s60cGW3ZWfAxcsZeRhZ7cKWEeTfPpI3wqtvt/78vR0qVXFT49c5SiPk/KvMkM5lNbcriEIHt+Ob291uh+IMclE6u10OMPhQM=; 7:lp8Y70MbIx29E4efIkF08S+LOTJrCeoVvdsEsIw14ekDaZ3gYTE9LNe8vXhBNAsiM3bDnLAPo8AKXzDQX7iIhE0BpXdDbY+r/nbsQ+ZTWQGxkwuYbJsmgHsXxFwsq8A/hXilUpH+MzCgxKSozJdIrdYyrlJmS/KWTV0TGMHSMOZTccwUZcKIyTQhhU0g58Dn85OiF+pI2nQs8LZx0LV1OYPO9PCN2Cb44Kvuj0KMU/ay4xGmqBR9uM9ilDU0yNQE+5XNh7uX3BwnFHnQqM8WqQ==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB6PR0601MB2166;
x-microsoft-antispam-prvs: <DB6PR0601MB21664DE11FDD757A216B9CE5DF240@DB6PR0601MB2166.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(40392960112811)(158342451672863)(82608151540597);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:DB6PR0601MB2166; BCL:0; PCL:0; RULEID:; SRVR:DB6PR0601MB2166;
x-forefront-prvs: 0989A7979C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(189002)(24454002)(252514010)(199003)(377454003)(50986999)(76176999)(19617315012)(54356999)(68736007)(7846002)(66066001)(15975445007)(586003)(2906002)(16236675004)(7736002)(2900100001)(87936001)(8936002)(77096005)(7906003)(6116002)(3280700002)(36756003)(2950100001)(86362001)(3846002)(122556002)(102836003)(101416001)(11100500001)(92566002)(4326007)(81156014)(3660700001)(110136002)(82746002)(106356001)(106116001)(105586002)(81166006)(83716003)(1411001)(33656002)(10400500002)(8676002)(5002640100001)(97736004)(19580395003)(19580405001)(189998001)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB6PR0601MB2166; H:DB6PR0601MB2167.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_C8B111DA7EE74BE8A8FBF867FFC447F0telefonicacom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jun 2016 12:55:26.4311 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0601MB2166
X-OriginatorOrg: telefonica.com
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/JDy20XDW_VnepABKHpuJmre4aQU>
Cc: "Fossati, Thomas (Nokia - GB)" <thomas.fossati@nokia.com>, LURK BoF <lurk@ietf.org>
Subject: Re: [Lurk] Lurk: new undetectable backdoor possibility?
X-BeenThere: lurk@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Limited Use of Remote Keys <lurk.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lurk>, <mailto:lurk-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lurk/>
List-Post: <mailto:lurk@ietf.org>
List-Help: <mailto:lurk-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lurk>, <mailto:lurk-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 12:58:39 -0000
Hi, I am afraid I do not follow the rationale behind that supposed attack. If it is the key owner colluding with some data collector (government-related or not, why should be connected with a government?) would not be way easier to simply share the logs with that data collector? Be goode, On 30 Jun 2016, at 15:24 , Dmitry Belyavsky <beldmit@gmail.com<mailto:beldmit@gmail.com>> wrote: Hello Thomas, On Thu, Jun 30, 2016 at 3:04 PM, Fossati, Thomas (Nokia - GB) <thomas.fossati@nokia.com<mailto:thomas.fossati@nokia.com>> wrote: Hi Dmitry I think I found a new undetectable LURK-specific backdoor possibility. The (government-related) attacker installs an extra frontend server and redirects a victim DNS requests to it. The only thing the attacker needs from the key owner to perform this attack is a certificate to make the attacker's frontend server capable to send requests and obtain responses from the key server. The attack described does not cause the Key owner's key compromise and does not require to issue a bogus certificate for the Key owner's domain. So if I am not mistaken, the attack is technically undetectable if the Key owner agrees to provide such a possibility. Please correct me if I am wrong. Is it an attack on the protocol if you need to collude with the Key owner to run it successfully? No, the attack I describe is not an attack on the protocol. It is an attack that can be named "Key abuse". And it is much "cheaper" to the Key owner than just providing a private key. -- SY, Dmitry Belyavsky _______________________________________________ Lurk mailing list Lurk@ietf.org<mailto:Lurk@ietf.org> https://www.ietf.org/mailman/listinfo/lurk -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com> Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- Re: [Lurk] Lurk: new undetectable backdoor possib… Dmitry Belyavsky
- Re: [Lurk] Lurk: new undetectable backdoor possib… Fossati, Thomas (Nokia - GB)
- Re: [Lurk] Lurk: new undetectable backdoor possib… Fossati, Thomas (Nokia - GB)
- Re: [Lurk] Lurk: new undetectable backdoor possib… Diego R. Lopez
- Re: [Lurk] Lurk: new undetectable backdoor possib… Diego R. Lopez
- Re: [Lurk] Lurk: new undetectable backdoor possib… Dmitry Belyavsky
- [Lurk] Lurk: new undetectable backdoor possibilit… Dmitry Belyavsky