[radext] Re: Selfie Attack on TLS-PSK

Margaret Cullen <mrcullen42@gmail.com> Thu, 25 July 2024 07:38 UTC

List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/tacZ7_8E743u-IvL7KWjUB7EzME>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext>

Thanks, Hannes! Is it your understanding that if we make the changes you suggested, RADIUS systems that follow our advice would not be subject to the Selfie attack?

Margaret

On Jul 24, 2024, at 8:42 PM, Hannes.Tschofenig@gmx.net wrote:

Hi Margaret,

I pointed this out in my review here:

https://mailarchive.ietf.org/arch/msg/radext/Rnh9mBSC_n87-c6yUrCpakVu_B0/

Ciao

Hannes

From: Margaret Cullen <mrcullen42@gmail.com>
Sent: Wednesday, 24 July 2024 13:37
To: radext@ietf.org
Subject: [radext] Selfie Attack on TLS-PSK

On a separate but related note….

I came across this attack while reading about TLS mutual authentication:

https://eprint.iacr.org/2019/347.pdf

Is this something we should consider before we recommend the use of TLS-PSK with TLS 1.3? Or has this issue already been addressed?

Thanks,

Margaret