Re: [saag] SHA-1 to SHA-n transition
"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Sun, 22 February 2009 09:57 UTC
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F0A353A697E for <saag@core3.amsl.com>; Sun, 22 Feb 2009 01:57:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.291
X-Spam-Level:
X-Spam-Status: No, score=-2.291 tagged_above=-999 required=5 tests=[AWL=0.307, BAYES_00=-2.599, WHOIS_NETSOLPR=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c7dw851QTbPt for <saag@core3.amsl.com>; Sun, 22 Feb 2009 01:57:01 -0800 (PST)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 6DCD23A682D for <saag@ietf.org>; Sun, 22 Feb 2009 01:57:00 -0800 (PST)
Received: (qmail invoked by alias); 22 Feb 2009 09:57:15 -0000
Received: from a91-154-108-144.elisa-laajakaista.fi (EHLO 4FIL42860) [91.154.108.144] by mail.gmx.net (mp070) with SMTP; 22 Feb 2009 10:57:15 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+Wswsf1ieW47sdDcZXX9rr25g11pYq7Or8JwW04P JmqiDayZQ9EvtF
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: 'Eric Rescorla' <ekr@networkresonance.com>, 'Stephen Kent' <kent@bbn.com>
References: <p06240802c5c5c22d92f0@[128.89.89.88]> <20090222020709.8621A50822@romeo.rtfm.com>
Date: Sun, 22 Feb 2009 11:58:11 +0200
Message-ID: <026501c994d4$13691080$0201a8c0@nsnintra.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
In-Reply-To: <20090222020709.8621A50822@romeo.rtfm.com>
Thread-Index: AcmUjxiOM7Mw1vSGSXqFLDSYdpoXOwAQrrEA
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.53
Cc: saag@ietf.org
Subject: Re: [saag] SHA-1 to SHA-n transition
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Feb 2009 09:57:03 -0000
Hi Ekr, Stephen is referring to the nice presenation at the Black Hat conference, see http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Ma rlinspike-Defeating-SSL.pdf I don't think that there is anything new in there but the slide set provides a nice sate-of-the-art summary and points to the importance of properly designed user interfaces. On the latter issue I have also noticed that in the IETF we used to say that user-interface aspects are outside the scope of our work. This leads to totally ignoring the way how the user utilizes the protocols we develop (even though I understand that we don't want to standardize a particular interface itself). However, for the complete solution the user experience is something really important. My recent examples were user interface aspect matter are: authorization policies we use in the SIP environment, SIP Identity/SIP Security, early warning messages, all sorts of identity management solutions (although they are mostly developed outside the IETF). Ciao Hannes >-----Original Message----- >From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On >Behalf Of Eric Rescorla >Sent: 22 February, 2009 04:07 >To: Stephen Kent >Cc: saag@ietf.org >Subject: Re: [saag] SHA-1 to SHA-n transition > >At Sat, 21 Feb 2009 11:10:03 -0500, >Stephen Kent wrote: >> I agree wit Phil's suggestion that we begin work on this >topic sooner >> rather than later. Solutions probably will require coordination >> between folks in both PKIX and TLS, plus some browser >experts from the >> APP area. > >I should note that TLS 1.2 already has support for SHA-n, as >well as mechanisms for indicating that an implementation will >accept these certificates. Deployment of 1.2 has been minimal >so far, but I'm not aware of any new protocol design work that >needs to be done here. > >> Since we're talking about how well browsers implement PKI mechanisms >> in the context of SSL/TLS, it is worth noting a presentation at last >> week's Black Hat conference in D.C. The presentation >provided details >> on how several browsers remain vulnerable to attacks because they >> fails to check the Basic Constraints extension. This >oversight of one >> of those pristine principles of PKIX ( we can use the >acronym P3 going >> forward) and allows a web sites to act as a CA, based o the EE cert >> issued to it by any of the trust anchors embedded in the browser. > >I agree that this is a problem. > > >> Another vulnerability, and matching MITM attack, is enabled by the >> issuance of certs that contain wildcard DNS names. This is not, a >> violation of P3, because PKIX caved to pressure from the TLS WG, to >> accommodate web site operators who wanted to purchase one >cert from a >> TTP that could be used to verify the EE certs for multiple web sites. >> I argued against this, but lost. The phrase "I told you so" comes to >> mind :-). > >Can you briefly describe how this leads to MITM attacks? This >is something I haven't heard before. > >Best, >-Ekr >_______________________________________________ >saag mailing list >saag@ietf.org >https://www.ietf.org/mailman/listinfo/saag >
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- [saag] SHA-1 to SHA-n transition Stephen Kent
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Hannes Tschofenig
- Re: [saag] SHA-1 to SHA-n transition Stephen Kent
- Re: [saag] SHA-1 to SHA-n transition Chandersekaran, Coimbatore S
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Yoav Nir
- Re: [saag] SHA-1 to SHA-n transition Pasi.Eronen
- Re: [saag] SHA-1 to SHA-n transition David McGrew
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Santosh Chokhani
- Re: [saag] SHA-1 to SHA-n transition der Mouse
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Paul Hoffman
- Re: [saag] SHA-1 to SHA-n transition David Harrington
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Michael O'Neill
- Re: [saag] SHA-1 to SHA-n transition Theodore Tso
- [saag] Deployment Deadlock Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Bill Sommerfeld
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- [saag] Channel binding is great but not a silver … Sam Hartman
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] Channel binding is great but not a sil… Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] Channel binding is great but not a sil… Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] Channel binding is great but not a sil… Alan DeKok
- Re: [saag] Channel binding is great but not a sil… Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] Channel binding is great but not a sil… Alan DeKok
- [saag] Or grow a real PKI (Re: SHA-1 to SHA-n tra… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Stephen Kent
- Re: [saag] Channel binding is great but not a sil… Stephen Kent
- Re: [saag] Channel binding is great but not a sil… Stephen Kent
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Stephen Kent
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Nicolas Williams
- Re: [saag] Deployment Deadlock Pasi.Eronen
- Re: [saag] Deployment Deadlock Hallam-Baker, Phillip
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Hallam-Baker, Phillip
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Stephen Kent
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Theodore Tso
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Bill Sommerfeld
- [saag] Credential portability RE: SHA-1 to SHA-n … Hallam-Baker, Phillip