Re: [saag] Possible backdoor in RFC 5114

Antonio Sanso <asanso@adobe.com> Wed, 12 October 2016 07:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Fvwk0qgrUjqF8cjAW77DonuXk5g>

hi Yoav

>IANA numbers have been assigned to them for IKE, but they have not seen widespread use

I would not be too sure about this. For example see [0]. On top of that, Exim and BouncyCastle have RFC 5114 as default for DH.
And more to come…

regards

antonio

[0] http://blog.intothesymmetry.com/2016/01/openssl-key-recovery-attack-on-dh-small.html