Re: [saag] NSA bug in Windows 10
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 15 January 2020 15:08 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Phillip Hallam-Baker <phill@hallambaker.com>, IETF SAAG <saag@ietf.org>
Date: Wed, 15 Jan 2020 15:08:37 +0000
Message-ID: <1579100916686.94828@cs.auckland.ac.nz>
References: <CAMm+LwjbST2imHARvngfpBsp1vvABukrC+qXmktgxvAWhDnSxA@mail.gmail.com>
In-Reply-To: <CAMm+LwjbST2imHARvngfpBsp1vvABukrC+qXmktgxvAWhDnSxA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2h9LvyzZwkl9xJEoBm53qqMXzsw>
Phillip Hallam-Baker <phill@hallambaker.com> writes:

>Has anyone checked the Certificate Transparency logs to see if any bogus
>certs matching the NSA pattern are recorded? I would expect not as we require
>specific NIST curves that have specific names.

Speculation: The universal standard for ECDSA is the NIST curves, with some
minor subset using the Brainpool curves, but in any case named curves.
However, the NSA being the NSA, I'll bet they use their own curves and not the
NIST ones [0], which were created in secret by some dodgy US TLA and then fed
to NIST.  So the reason for the NSA choosing to disclose the vulnerability may
be that it principally affects them and no-one else, which also means there's
not much chance of anything appearing in the CT logs.

Oh, and rumors that, since it's the NSA that's recommending the fix to a
Microsoft product, they've told them to double the security of their ROT13
implementation by applying it twice, are entirely false.

Peter.

[0] Suite B, which did use NIST curves, seems to have fallen by the wayside.
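The "specific NIST curves that have specific names" test the thread refers to is, in certificate terms, a check on the ECParameters choice in an EC SubjectPublicKeyInfo (RFC 5480: namedCurve OID, explicit SpecifiedECDomain, or implicit NULL). The following is an added example, not code from either poster: a minimal DER walk that classifies a certificate's EC key by that choice, the kind of filter a CT log scan would apply. The named-curve table is deliberately partial and the two sample SPKIs are constructed with dummy public-key bytes.

```python
# Added example (not from the thread): classify the ECParameters of an EC
# SubjectPublicKeyInfo per RFC 5480 as a named curve (the NIST/Brainpool
# case), explicit domain parameters, or implicit. Sample SPKIs are constructed.

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
NAMED_CURVES = {                            # partial table, extend as needed
    "1.2.840.10045.3.1.7": "P-256", "1.3.132.0.34": "P-384",
    "1.3.132.0.35": "P-521", "1.3.36.3.3.2.8.1.1.7": "brainpoolP256r1",
}

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Decode DER OID content octets to dotted form."""
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first, second = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [first, second] + arcs[1:]))

def classify_ec_spki(spki):
    """Return 'named:<curve>', 'explicit', 'implicit' or 'not-ec'."""
    _, body, _ = read_tlv(spki)             # SubjectPublicKeyInfo SEQUENCE
    _, alg, _ = read_tlv(body)              # AlgorithmIdentifier SEQUENCE
    tag, oid, pos = read_tlv(alg)
    if tag != 0x06 or decode_oid(oid) != ID_EC_PUBLIC_KEY:
        return "not-ec"
    tag, params, _ = read_tlv(alg, pos)     # ECParameters CHOICE
    if tag == 0x06:                         # namedCurve OID
        dotted = decode_oid(params)
        return "named:" + NAMED_CURVES.get(dotted, dotted)
    return "explicit" if tag == 0x30 else "implicit"   # SEQUENCE vs NULL

def der(tag, content):                      # short-form encoder for samples only
    return bytes([tag, len(content)]) + content

EC_OID, P256_OID = bytes.fromhex("2a8648ce3d0201"), bytes.fromhex("2a8648ce3d030107")
DUMMY_KEY = der(0x03, b"\x00\x04" + bytes(64))          # BIT STRING, dummy point
NAMED_SPKI = der(0x30, der(0x30, der(0x06, EC_OID) + der(0x06, P256_OID)) + DUMMY_KEY)
# Constructed explicit-parameter case: a truncated SpecifiedECDomain with only version=1
EXPLICIT_SPKI = der(0x30, der(0x30, der(0x06, EC_OID) + der(0x30, der(0x02, b"\x01"))) + DUMMY_KEY)
```

Feed it the DER SubjectPublicKeyInfo of each certificate pulled from a CT log; anything that is not `named:...` with a curve you expect is worth a closer look.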