Re: [openpgp] OpenPGP SEIP downgrade attack

Neil Hunsperger <Neil_Hunsperger@symantec.com> Mon, 05 October 2015 17:40 UTC

Return-Path: <Neil_Hunsperger@symantec.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6880D1B2A44 for <openpgp@ietfa.amsl.com>; Mon, 5 Oct 2015 10:40:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZdO7P1Ksz5z for <openpgp@ietfa.amsl.com>; Mon, 5 Oct 2015 10:39:59 -0700 (PDT)
Received: from tus1smtoutpex01.symantec.com (tus1smtoutpex01.symantec.com [216.10.195.241]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8824C1B2A22 for <openpgp@ietf.org>; Mon, 5 Oct 2015 10:39:59 -0700 (PDT)
X-AuditID: d80ac3f1-f79fd6d0000022fa-2a-5612b5eef18a
Received: from tus1smtintpin01.ges.symantec.com (usdu-zone.relay.symantec.com [192.168.215.101]) by tus1smtoutpex01.symantec.com (Symantec Brightmail Gateway out) with SMTP id C6.87.08954.EE5B2165; Mon, 5 Oct 2015 18:39:58 +0100 (BST)
Received: from [155.64.220.137] (helo=TUS1XCHHUBPIN01.SYMC.SYMANTEC.COM) by tus1smtintpin01.ges.symantec.com with esmtp (Exim 4.76) (envelope-from <Neil_Hunsperger@symantec.com>) id 1Zj9jy-0007Li-N9; Mon, 05 Oct 2015 17:39:58 +0000
Received: from TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM ([155.64.220.150]) by TUS1XCHHUBPIN01.SYMC.SYMANTEC.COM ([155.64.220.137]) with mapi; Mon, 5 Oct 2015 10:38:47 -0700
From: Neil Hunsperger <Neil_Hunsperger@symantec.com>
To: Jonas Magazinius <jonas.magazinius@assured.se>, "openpgp@ietf.org" <openpgp@ietf.org>, "cryptography@metzdowd.com" <cryptography@metzdowd.com>, "cfrg@mail.ietf.org" <cfrg@mail.ietf.org>
Date: Mon, 5 Oct 2015 10:39:33 -0700
Thread-Topic: [openpgp] OpenPGP SEIP downgrade attack
Thread-Index: AdD/dznvn+dBJ+g3T5CSY/fL9b5l7QAFm09Q
Message-ID: <14D026C7F297AD44AC82578DD818CDD047B949DAE1@TUS1XCHEVSPIN35.SYMC.SYMANTEC.COM>
References: <56128436.40607@assured.se>
In-Reply-To: <56128436.40607@assured.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-RouteViaPGP: true
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHIsWRmVeSWpSXmKPExsVyYMX1VN13W4XCDM72G1psPH6GxeJGzwtG i76lTYwWDf8esjuweGy6sZHFY8mSn0wezYvms3lM+9/LFsASxWWTkpqTWZZapG+XwJXxb18j W8E+torpP88wNzCuYOti5OSQEDCReNV6nx3CFpO4cG89UJyLQ0jgLaNE+6Uudjjnwee5jBDO SkaJCZOmMIO0sAG1r53exgRiiwgcZJR4fr8axGYRUJH43rAMqIaDQxio5uwJfogSU4mmZUfY IWwjibnnHrOC2LwCURJf3mwEGyMkoC6x+dYmsDingIZE36+9YKsYga77fmoNWA2zgLjErSfz mSCuFpBYsuc8M4QtKvHy8T9WiHpRiTvt6xlBTmAW0JRYv0sfolVRYkr3Q3aItYISJ2c+YYFo FZZo+/WafQKj+CwkG2YhdM9C0j0LSfcCRpZVjDIlpcWGxbkl+aUlBakVBoZ6xZW5icA4TNZL zs/dxAiMxRtchz/uYDy61/EQowAHoxIPb+Z6oTAh1sQyoMpDjBIczEoivA0dQCHelMTKqtSi /Pii0pzU4kOM0hwsSuK8wlmvQoUE0hNLUrNTUwtSi2CyTBycUg2Mk91jyop/6qYfvXdtufXL G+o3C6MuO6w+VdV+om+dmef26IevGS+4T8l2mXa2X+9R6JVihTvpVRO/5PyYzu6a8Y9BclPJ Co1Su4eih+pXR8yesf/wXGaDQ6cPeD9Z9e75VWn/UO0XP3bx3Ppx/s6L1cESG7kCDjXwX9H5 3qApZVDVJlgqdFx/oxJLcUaioRZzUXEiAPRDdTbBAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/MFPLhoOQKiOzBA8c2iTdWGyx8k0>
Subject: Re: [openpgp] OpenPGP SEIP downgrade attack
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 17:40:00 -0000

From: openpgp [mailto:openpgp-bounces@ietf.org] On Behalf Of Jonas Magazinius
> I've recently been analysing the OpenPGP standard and have found that it is vulnerable to a chosen-ciphertext attack to downgrade an SEIP packet to a plain SE packet.

> I was going to submit a paper about the attack, but considering how quickly the challenge was cracked I realised the urgency to report this.

Assuming SE and SEIP now have equivalent security, does anyone suspect a real-world impact? I.e. is there software that trusts encrypted unsigned data more than it trusts unencrypted unsigned data?

-Neil