Re: [saag] Possible backdoor in RFC 5114

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Sat, 08 October 2016 12:30 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Watson Ladd <watsonbladd@gmail.com>, "saag@ietf.org" <saag@ietf.org>
Date: Sat, 08 Oct 2016 12:30:27 +0000
Message-ID: <CY4PR09MB14647B46781F1AB1E6B00043F3D90@CY4PR09MB1464.namprd09.prod.outlook.com>
References: <CACsn0ck9u3ct3wD7xWXtDZ89Q1R6OKTQFMYuZ56_vY2ys+1=YQ@mail.gmail.com>
In-Reply-To: <CACsn0ck9u3ct3wD7xWXtDZ89Q1R6OKTQFMYuZ56_vY2ys+1=YQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/QrTirxfkY2DaQ8KNYkiVAfOpdR8>
Subject: Re: [saag] Possible backdoor in RFC 5114
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>

Watson and all,

This paper would be a good (re)read: http://www.math.uwaterloo.ca/~ajmeneze/publications/pqc.pdf.

Quynh. 

________________________________________
From: saag <saag-bounces@ietf.org> on behalf of Watson Ladd <watsonbladd@gmail.com>
Sent: Thursday, October 6, 2016 11:56 AM
To: saag@ietf.org
Subject: [saag] Possible backdoor in RFC 5114

https://tools.ietf.org/html/rfc5114

Let's review some publicly known facts:

1) BBN is a defense contractor

2) The NSA subverts crypto standards

3) It is possible to design primes so the discrete log problem is easy

4) The primes in RFC 5114 are not generated in a verifiable manner: it
is possible they are hidden SNFS primes.

At minimum we should obsolete RFC 5114 in favor of primes generated in
a verifiable manner. The fact that there already were primes for IKE
use makes me wonder why this was even needed in the first place.

Sincerely,
Watson

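Watson's points 3 and 4 contrast the RFC 5114 constants, whose derivation is not published, with "nothing up my sleeve" primes such as the RFC 3526 MODP groups, where p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + offset) and the offset is printed in the RFC so that anyone can recompute p and confirm that p and (p-1)/2 are both prime. The following Python is an added example, not code from this thread or from any RFC: it recomputes the 2048-bit group 14 prime from the binary expansion of pi (Machin's formula in integer arithmetic) and then runs the check a reader would want, that the published recipe really yields a safe prime of the stated shape. The offset table is copied from RFC 3526; the function names, the guard-bit margin and the fixed Miller-Rabin bases are this example's own choices.

```python
"""Recompute an RFC 3526 MODP prime from its public recipe and check it.

Added example for the saag thread on RFC 5114; not code from the thread or
from any RFC.  Only the offsets come from RFC 3526; everything else here
(function names, guard bits, Miller-Rabin bases) is this example's assumption.
"""

# Offsets published in RFC 3526 for
#   p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + offset)
RFC3526_OFFSETS = {
    1536: 741804,
    2048: 124476,
    3072: 1690314,
    4096: 240904,
    6144: 929484,
    8192: 4743158,
}


def _arctan_inv(x, prec_bits):
    """Fixed-point arctan(1/x) scaled by 2^prec_bits (Gregory series, integers only)."""
    term = (1 << prec_bits) // x          # 1/x
    total = term
    x2 = x * x
    k = 1
    while term:
        term //= x2                        # 1/x^(2k+1)
        if k % 2:
            total -= term // (2 * k + 1)
        else:
            total += term // (2 * k + 1)
        k += 1
    return total


def pi_floor(bits, guard=64):
    """floor(2^bits * pi) via Machin: pi = 16*atan(1/5) - 4*atan(1/239).

    Each truncated term loses less than one unit of the fixed-point scale and
    there are only a few hundred terms, so the total error is far below
    2^guard; the guard bits are then shifted away.
    """
    prec = bits + guard
    pi_fixed = 16 * _arctan_inv(5, prec) - 4 * _arctan_inv(239, prec)
    return pi_fixed >> guard


def modp_prime(bits, offset=None):
    """Rebuild an RFC 3526 MODP prime of the given size from the public recipe."""
    if offset is None:
        offset = RFC3526_OFFSETS[bits]
    return (1 << bits) - (1 << (bits - 64)) - 1 + (1 << 64) * (pi_floor(bits - 130) + offset)


_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=5):
    """Miller-Rabin with fixed small bases.

    Good enough for checking published constants; not a primality proof for
    an n chosen by an adversary who knows the bases.
    """
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES[:rounds]:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p, rounds=5):
    """p and (p-1)/2 both prime: what RFC 3526 groups have by construction."""
    return p % 2 == 1 and is_probable_prime(p, rounds) and is_probable_prime((p - 1) // 2, rounds)


def check_modp_group(bits):
    """Return (hex of p, structural checks pass, safe-prime check pass) for one group."""
    p = modp_prime(bits)
    all_ones_64 = (1 << 64) - 1
    structure_ok = (p.bit_length() == bits
                    and p >> (bits - 64) == all_ones_64   # top 64 bits set
                    and p & all_ones_64 == all_ones_64)   # low 64 bits set
    return format(p, "x"), structure_ok, is_safe_prime(p)


if __name__ == "__main__":
    hexp, structure_ok, safe = check_modp_group(2048)
    print("2048-bit MODP group 14 prime:\n" + hexp)
    print("structure ok:", structure_ok, " safe prime:", safe)
```

The hex printed for 2048 bits can be compared word for word against the group 14 prime in RFC 3526; the second 64-bit word is the leading bits of pi (c90fdaa22168c234), which is the whole point of the construction. Two caveats: a reproducible recipe only removes the designer's freedom to plant a special-structure prime, it does not prove anything else about the group; and the safe-prime check is specific to this family. The RFC 5114 groups Watson refers to use a small prime-order subgroup by design (q of 160, 224 or 256 bits), so they fail is_safe_prime whether or not anything is hidden in them; for those, the question is how p and q were derived, which the check above cannot answer.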