Re: [openpgp] OpenPGP SEIP downgrade attack

David Leon Gil <coruus@gmail.com> Tue, 06 October 2015 02:20 UTC

Return-Path: <coruus@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 092A51B359B for <openpgp@ietfa.amsl.com>; Mon, 5 Oct 2015 19:20:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KEC1PhZmbuC2 for <openpgp@ietfa.amsl.com>; Mon, 5 Oct 2015 19:20:08 -0700 (PDT)
Received: from mail-yk0-x236.google.com (mail-yk0-x236.google.com [IPv6:2607:f8b0:4002:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F4311B3596 for <openpgp@ietf.org>; Mon, 5 Oct 2015 19:20:08 -0700 (PDT)
Received: by ykdz138 with SMTP id z138so190083354ykd.2 for <openpgp@ietf.org>; Mon, 05 Oct 2015 19:20:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=WgszJHpAH6opsdJracIuIUzV1XkTljfhgKmo0b2RQmI=; b=wd75hJjphpp1M2pqyAD+nfmwDKVL9z1nGUyk8tEBVJ8y3LHLYozZglYefLoVzjfnHC hyn+RQAd0k8TK7p9gtyqdhQGEBrhjbgs03J3Wd8w+0d6qLFq8n7rPfPBpXAAu5Tlk8o5 KNohF7k1h4Ku7S/QPhGGgQUdU1s1kh2KpdL7ZRhAqRpw7WJlc1N08KAzgWBAbwnDVAUl 9jsw05OX2zkAHHI98p7w41coDjc1Q/mnUecBHXYLIdPdpsq9UQ/0I9OobuyzFre+U+p8 eg4zzdQyZ35R1osEPW2dpeHBdVDLhHN7WzMpbj/SMpPVwahG4onMF5QW2K0kHkAjn+Pe kssQ==
X-Received: by 10.129.49.149 with SMTP id x143mr27917364ywx.147.1444098007547; Mon, 05 Oct 2015 19:20:07 -0700 (PDT)
MIME-Version: 1.0
References: <56128436.40607@assured.se> <87y4fh4210.fsf@vigenere.g10code.de> <9A043F3CF02CD34C8E74AC1594475C73F4B28383@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73F4B28383@uxcn10-5.UoA.auckland.ac.nz>
From: David Leon Gil <coruus@gmail.com>
Date: Tue, 06 Oct 2015 02:19:58 +0000
Message-ID: <CAA7UWsXcdsYMSBETxo_cfM3t4b5y0VsDPtkpdps58O3p6Dd+LA@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Werner Koch <wk@gnupg.org>, Jonas Magazinius <jonas.magazinius@assured.se>
Content-Type: multipart/alternative; boundary=001a1140781ec2c68f052166446e
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Aek-NLcZfsaaom3xg5Ns81AkrKs>
Cc: "cfrg@mail.ietf.org" <cfrg@mail.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>, "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Subject: Re: [openpgp] OpenPGP SEIP downgrade attack
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 02:20:10 -0000

This is a very nice explanation of the downgrade attack. I suspect that its
discovery predates your work: See
https://github.com/google/end-to-end/issues/161 (scroll down a bit) for a
bug where I note it.

On Mon, Oct 5, 2015 at 6:52 PM Peter Gutmann <pgut001@cs.auckland.ac.nz>;
wrote:

> Werner Koch <wk@gnupg.org>; writes:
>
> >More important however is my remark that we need to get MDC deployed so
> >that we can issue an error for non MDC packets instead of just a warning.
>
> We don't need to get it deployed, we need to get it replaced by encrypt-
> then-MAC, with the whole handled in a manner where downgrade attacks aren't
> possible.
>
> Peter.
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>