Re: [saag] Possible backdoor in RFC 5114

Yoav Nir <ynir.ietf@gmail.com> Fri, 07 October 2016 15:56 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <22519.43588.421250.807948@fireball.acr.fi>
Date: Fri, 07 Oct 2016 18:56:12 +0300
Message-Id: <CADF337F-88BC-4B9E-B05F-94F146CB068B@gmail.com>
References: <CACsn0ck9u3ct3wD7xWXtDZ89Q1R6OKTQFMYuZ56_vY2ys+1=YQ@mail.gmail.com> <bfa71c30-3ccc-1538-c682-33e14c910e21@cs.tcd.ie> <22519.43588.421250.807948@fireball.acr.fi>
To: Tero Kivinen <kivinen@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1Lix9teLE4NHfhgTwJAOKTjIJw4>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Possible backdoor in RFC 5114

> On 7 Oct 2016, at 16:59, Tero Kivinen <kivinen@iki.fi> wrote:
> 
> Stephen Farrell writes:
>> 
>> So I'm not seeing anyone so far argue to not
>> deprecate these somehow.
>> 
>> We could just make 5114 historic as Yoav suggests,
>> or, if someone writes an I-D to explain why, we
>> could obsolete 5114. (Such an I-D would presumably
>> also say something about codepoints that point at
>> 5114 from other registries.)
>> 
>> Assuming nobody shows up saying these are in
>> fact in widespread use I'd be supportive of us
>> getting rid of cruft.
> 
> I think the NIST ECP groups are quite widely supported, and used.
> RFC5114 includes both NIST ECP Groups (192, 224, 256, 384 and 521) and
> 3 MODP groups.
> 
> In IPsec, ECP groups are widely used, those MODP groups with subgroup
> are not. On the other hand I think only those 192, 256 and 521 bit
> groups are really used, and those are defined also in RFC5903 (which
> obsoleted original 4753 which had serious bug in it).


First, I think you meant 256, 384 and 521 bit, not the 192.

Second, 5114 did not fix the bug in 4753. It just referenced 4753 for formatting. You know this better than I do, but I don’t think the IANA registry ever referenced 5114 for these ECP groups.

So for the three useful groups in 5114 you didn't need it (as 4753 already existed), and you don't need it now, as 5903 exists. I don't see anything standing in the way of moving to historic or obsoleting it.

Yoav
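The "MODP groups with subgroup" Tero mentions are the RFC 5114 groups whose generator spans a prime-order subgroup q that is much smaller than p-1, so the cofactor (p-1)/q has many small factors. The practical consequence for an implementer is that a peer's public value must be checked against q before it is used, or an attacker who sends an element of small order learns x modulo that order. The example below is added here and is not part of this thread or of any RFC; it uses a constructed toy group (p = 67, q = 11, so p-1 = 2*3*11), not the RFC 5114 parameters, and the function names (`validate_group`, `validate_peer_value`, `leak_via_small_subgroup`) are my own.

```python
# Added example, not from the mailing-list thread or from RFC 5114.
# Validates a Diffie-Hellman group of the RFC 5114 shape (prime p, prime
# subgroup order q dividing p-1, generator g of order q), checks a peer's
# public value, and shows what leaks when the check is skipped.
# Toy parameters (constructed, NOT the RFC 5114 values): p = 67, q = 11.


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; exact for inputs well beyond 64 bits."""
    if n < 2:
        return False
    witnesses = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for w in witnesses:
        if n % w == 0:
            return n == w
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in witnesses:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p: int, q: int, g: int) -> bool:
    """p and q prime, q divides p-1, and g (not 1 or p-1) has order q."""
    return (is_prime(p) and is_prime(q) and (p - 1) % q == 0
            and 1 < g < p - 1 and pow(g, q, p) == 1)


def validate_peer_value(p: int, q: int, y: int) -> bool:
    """Accept y only if it lies in the order-q subgroup: 1 < y < p-1, y^q == 1."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def small_order_element(p: int, order: int) -> int:
    """Element of the given small order, found the way an attacker would."""
    if (p - 1) % order != 0:
        raise ValueError("order must divide p-1")
    for h in range(2, p):
        e = pow(h, (p - 1) // order, p)
        if e != 1:
            return e
    raise ValueError("no element of that order")


def leak_via_small_subgroup(p: int, x: int, order: int) -> int:
    """Peer skips validate_peer_value; attacker sends y of small order and
    recovers x mod order from the shared secret y^x (only `order` candidates)."""
    y = small_order_element(p, order)
    shared = pow(y, x, p)           # what the victim derives and later proves
    for r in range(order):
        if pow(y, r, p) == shared:
            return r
    raise RuntimeError("unreachable: shared secret must match one residue")


# Constructed toy group: p-1 = 66 = 2 * 3 * 11, subgroup order q = 11.
P, Q = 67, 11
G = pow(2, (P - 1) // Q, P)       # 2^6 mod 67 = 64, an element of order 11

if __name__ == "__main__":
    print("group ok:", validate_group(P, Q, G))
    bad = small_order_element(P, 3)
    print("order-3 value", bad, "accepted:", validate_peer_value(P, Q, bad))
    x = 5                            # victim's private exponent
    print("attacker learns x mod 3 =", leak_via_small_subgroup(P, x, 3))
```

Run stand-alone, the script reports that the group validates, that the order-3 value 37 is rejected by the subgroup check, and that a victim who skipped the check would reveal x mod 3 = 2 for x = 5; repeating with each small factor of (p-1)/q and combining by CRT is the attack the check prevents.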