Re: [saag] [IPsec] trapdoor'ed DH (and RFC-5114 again)

Yoav Nir <ynir.ietf@gmail.com> Tue, 18 October 2016 12:51 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <22533.64120.595277.953942@fireball.acr.fi>
Date: Tue, 18 Oct 2016 15:51:45 +0300
Message-Id: <913F2EDE-2945-4036-A555-51611F8CF5AC@gmail.com>
References: <alpine.LRH.2.20.1610091711050.8864@bofh.nohats.ca> <D42AB86C.538C3%john.mattsson@ericsson.com> <CADZyTknqvF=zxW2thuN7mf_St2UmnWZzd8dVb5dWzDJ5=8tz5w@mail.gmail.com> <8C717FB2-DDC2-452E-AEC3-115B1E1397CF@gmail.com> <22533.64120.595277.953942@fireball.acr.fi>
To: Tero Kivinen <kivinen@iki.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qqoLkOh3dCeCTbytTlUe66rcRJI>
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, Paul Wouters <paul@nohats.ca>, Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] [IPsec] trapdoor'ed DH (and RFC-5114 again)

> On 18 Oct 2016, at 13:33, Tero Kivinen <kivinen@iki.fi> wrote:
> 
> Yoav Nir writes:
>> I’m not entirely comfortable with calling something a MUST NOT when all we
>> have is conjecture, but I have no love and no need of those DH groups.
> 
> Same here, and it also makes it so that we cannot say our
> implementation is conforming to rfc4307bis, even when we do already
> have support for AES, SHA2, 2048-bit DH, i.e. all the mandatory to
> implement algorithms in the new document, but we do also have code to
> propose the RFC5114 MODP groups, if the user configures them to be used.

I don’t think that’s the right way to interpret compliance with RFC4307bis. If you can configure your implementation to support only algorithms that are MUST, SHOULD, or MAY in the document, then you can configure your implementation to comply with 4307bis. I don’t think implementation compliance requires pulling out code.

Our implementation allows the user to key in long hex strings to construct MODP groups that are not available out of the box. With your interpretation we can never be compliant because they can always make up their own 512-bit group and add that to the available groups.

Yoav
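The made-up 512-bit group Yoav mentions is the kind of input an implementation can refuse at configuration time rather than at proposal time. The validator below is an added example written for this thread; it is not code from Check Point's product, from any IKE implementation discussed here, or from the RFC. Its policy constants are assumptions of the example: a 2048-bit floor and the requirement that the modulus be a safe prime (p = 2q + 1 with q prime). The RFC 3526 group 14 modulus is the published value; the 512-bit and composite moduli are constructed inputs. Under the safe-prime rule the RFC 5114 MODP groups (22, 23, 24) would also be rejected, since their subgroup order q is 160, 224 or 256 bits rather than (p-1)/2.

```python
"""Validate a user-supplied MODP (finite-field Diffie-Hellman) group before
it is admitted to an IKE proposal list.

Added example for this thread; not code from any implementation discussed
here.  The policy constants below are assumptions of this example.
"""
import random

# Policy assumptions (not taken from the thread): a 2048-bit floor, and the
# requirement that p be a safe prime, p = 2q + 1 with q prime, so that every
# generator other than 1 and p-1 yields a subgroup of order q or 2q.
MIN_MODULUS_BITS = 2048
MR_ROUNDS = 16

# Small primes for trial division before Miller-Rabin.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]

_rng = random.SystemRandom()


def is_probable_prime(n, rounds=MR_ROUNDS):
    """Trial division by SMALL_PRIMES, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 = d * 2^r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def validate_modp_group(p_hex, g, min_bits=MIN_MODULUS_BITS):
    """Return (accepted, reason) for a modulus keyed in as hex and a generator g."""
    try:
        p = int("".join(p_hex.split()), 16)
    except ValueError:
        return False, "modulus is not valid hex"
    bits = p.bit_length()
    if bits < min_bits:
        return False, f"modulus is {bits} bits; policy floor is {min_bits}"
    if not is_probable_prime(p):
        return False, "modulus is composite"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "modulus is not a safe prime: (p-1)/2 is composite"
    # With p = 2q + 1 the only elements of order 1 or 2 are 1 and p-1;
    # anything else generates the order-q or order-2q subgroup.
    if not 1 < g < p - 1:
        return False, f"generator {g} has order 1 or 2"
    order = "q" if pow(g, q, p) == 1 else "2q"
    return True, f"{bits}-bit safe prime, generator of order {order}"


# RFC 3526 group 14 (2048-bit MODP), as a user might paste it.
RFC3526_GROUP14_P = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""

# Constructed inputs (not real groups): a 512-bit modulus, and a 2048-bit
# composite, 2^2047 + 1, which is divisible by 3.
TOO_SMALL_P = format((1 << 511) | 1, "X")
COMPOSITE_P = format((1 << 2047) + 1, "X")

if __name__ == "__main__":
    for label, p_hex, g in [("RFC 3526 group 14", RFC3526_GROUP14_P, 2),
                            ("constructed 512-bit", TOO_SMALL_P, 2),
                            ("constructed composite", COMPOSITE_P, 2)]:
        ok, why = validate_modp_group(p_hex, g)
        print(f"{label}: {'accept' if ok else 'reject'} ({why})")
```

The size check runs before any primality test so that a keyed-in 512-bit group is refused cheaply; the two Miller-Rabin passes on a 2048-bit p and its q take about a second in pure Python, which is acceptable for a one-time configuration check but not for per-exchange use.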