Re: [saag] SHA-1 to SHA-n transition
"Chandersekaran, Coimbatore S" <cchander@ida.org> Mon, 23 February 2009 17:11 UTC
Return-Path: <cchander@ida.org>
X-Original-To: saag@core3.amsl.com
Delivered-To: saag@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F0A763A698F for <saag@core3.amsl.com>; Mon, 23 Feb 2009 09:11:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, WHOIS_NETSOLPR=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yqnYcDZsp09d for <saag@core3.amsl.com>; Mon, 23 Feb 2009 09:11:02 -0800 (PST)
Received: from exim1-out.ida.org (exim1-out.ida.org [129.246.101.13]) by core3.amsl.com (Postfix) with ESMTP id B2FD13A6874 for <saag@ietf.org>; Mon, 23 Feb 2009 09:11:02 -0800 (PST)
Received: by exim1-out.ida.org with local-smtp for <saag@ietf.org>; Mon, 23 Feb 2009 12:11:15 -0500
Received: by exim1-out.ida.org with esmtp ; Mon, 23 Feb 2009 12:11:15 -0500
Received: from exch07-hc2.ida.org ([129.246.101.156]) by ex2kmail.ida.org with Microsoft SMTPSVC(6.0.3790.1830); Mon, 23 Feb 2009 12:10:13 -0500
Received: from EXCH07-4850.ida.org ([129.246.101.159]) by exch07-hc2.ida.org ([129.246.101.156]) with mapi; Mon, 23 Feb 2009 12:10:13 -0500
From: "Chandersekaran, Coimbatore S" <cchander@ida.org>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, 'Eric Rescorla' <ekr@networkresonance.com>, 'Stephen Kent' <kent@bbn.com>
Date: Mon, 23 Feb 2009 12:08:56 -0500
Thread-Topic: [saag] SHA-1 to SHA-n transition
Thread-Index: AcmUjxiOM7Mw1vSGSXqFLDSYdpoXOwAQrrEAAEHlhCQ=
Message-ID: <9F8E44BC27E22046B84EC1B9364C66A181CD725935@EXCH07-4850.ida.org>
References: <p06240802c5c5c22d92f0@[128.89.89.88]> <20090222020709.8621A50822@romeo.rtfm.com>, <026501c994d4$13691080$0201a8c0@nsnintra.net>
In-Reply-To: <026501c994d4$13691080$0201a8c0@nsnintra.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 23 Feb 2009 17:10:13.0349 (UTC) FILETIME=[972C8950:01C995D9]
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] SHA-1 to SHA-n transition
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Feb 2009 17:11:04 -0000
Cannot connect to the site. Get a 404 error. Can someone post this deck to SAAG? ________________________________________ From: saag-bounces@ietf.org [saag-bounces@ietf.org] On Behalf Of Hannes Tschofenig [Hannes.Tschofenig@gmx.net] Sent: Sunday, February 22, 2009 4:58 AM To: 'Eric Rescorla'; 'Stephen Kent' Cc: saag@ietf.org Subject: Re: [saag] SHA-1 to SHA-n transition Hi Ekr, Stephen is referring to the nice presenation at the Black Hat conference, see http://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Ma rlinspike-Defeating-SSL.pdf I don't think that there is anything new in there but the slide set provides a nice sate-of-the-art summary and points to the importance of properly designed user interfaces. On the latter issue I have also noticed that in the IETF we used to say that user-interface aspects are outside the scope of our work. This leads to totally ignoring the way how the user utilizes the protocols we develop (even though I understand that we don't want to standardize a particular interface itself). However, for the complete solution the user experience is something really important. My recent examples were user interface aspect matter are: authorization policies we use in the SIP environment, SIP Identity/SIP Security, early warning messages, all sorts of identity management solutions (although they are mostly developed outside the IETF). Ciao Hannes >-----Original Message----- >From: saag-bounces@ietf.org [mailto:saag-bounces@ietf.org] On >Behalf Of Eric Rescorla >Sent: 22 February, 2009 04:07 >To: Stephen Kent >Cc: saag@ietf.org >Subject: Re: [saag] SHA-1 to SHA-n transition > >At Sat, 21 Feb 2009 11:10:03 -0500, >Stephen Kent wrote: >> I agree wit Phil's suggestion that we begin work on this >topic sooner >> rather than later. Solutions probably will require coordination >> between folks in both PKIX and TLS, plus some browser >experts from the >> APP area. > >I should note that TLS 1.2 already has support for SHA-n, as >well as mechanisms for indicating that an implementation will >accept these certificates. Deployment of 1.2 has been minimal >so far, but I'm not aware of any new protocol design work that >needs to be done here. > >> Since we're talking about how well browsers implement PKI mechanisms >> in the context of SSL/TLS, it is worth noting a presentation at last >> week's Black Hat conference in D.C. The presentation >provided details >> on how several browsers remain vulnerable to attacks because they >> fails to check the Basic Constraints extension. This >oversight of one >> of those pristine principles of PKIX ( we can use the >acronym P3 going >> forward) and allows a web sites to act as a CA, based o the EE cert >> issued to it by any of the trust anchors embedded in the browser. > >I agree that this is a problem. > > >> Another vulnerability, and matching MITM attack, is enabled by the >> issuance of certs that contain wildcard DNS names. This is not, a >> violation of P3, because PKIX caved to pressure from the TLS WG, to >> accommodate web site operators who wanted to purchase one >cert from a >> TTP that could be used to verify the EE certs for multiple web sites. >> I argued against this, but lost. The phrase "I told you so" comes to >> mind :-). > >Can you briefly describe how this leads to MITM attacks? This >is something I haven't heard before. > >Best, >-Ekr >_______________________________________________ >saag mailing list >saag@ietf.org >https://www.ietf.org/mailman/listinfo/saag > _______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/listinfo/saag
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- [saag] SHA-1 to SHA-n transition Stephen Kent
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Hannes Tschofenig
- Re: [saag] SHA-1 to SHA-n transition Stephen Kent
- Re: [saag] SHA-1 to SHA-n transition Chandersekaran, Coimbatore S
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Yoav Nir
- Re: [saag] SHA-1 to SHA-n transition Pasi.Eronen
- Re: [saag] SHA-1 to SHA-n transition David McGrew
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Santosh Chokhani
- Re: [saag] SHA-1 to SHA-n transition der Mouse
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Paul Hoffman
- Re: [saag] SHA-1 to SHA-n transition David Harrington
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Michael O'Neill
- Re: [saag] SHA-1 to SHA-n transition Theodore Tso
- [saag] Deployment Deadlock Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Bill Sommerfeld
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- [saag] Channel binding is great but not a silver … Sam Hartman
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] Channel binding is great but not a sil… Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] Channel binding is great but not a sil… Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] Channel binding is great but not a sil… Alan DeKok
- Re: [saag] Channel binding is great but not a sil… Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] Channel binding is great but not a sil… Alan DeKok
- [saag] Or grow a real PKI (Re: SHA-1 to SHA-n tra… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Stephen Kent
- Re: [saag] Channel binding is great but not a sil… Stephen Kent
- Re: [saag] Channel binding is great but not a sil… Stephen Kent
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Stephen Kent
- Re: [saag] Channel binding is great but not a sil… Nicolas Williams
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Nicolas Williams
- Re: [saag] Deployment Deadlock Pasi.Eronen
- Re: [saag] Deployment Deadlock Hallam-Baker, Phillip
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Nicolas Williams
- Re: [saag] SHA-1 to SHA-n transition Nicolas Williams
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Hallam-Baker, Phillip
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Stephen Kent
- Re: [saag] Or grow a real PKI (Re: SHA-1 to SHA-n… Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Eric Rescorla
- Re: [saag] SHA-1 to SHA-n transition Peter Gutmann
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Jeffrey Hutzelman
- Re: [saag] SHA-1 to SHA-n transition Theodore Tso
- Re: [saag] SHA-1 to SHA-n transition Hallam-Baker, Phillip
- Re: [saag] SHA-1 to SHA-n transition Bill Sommerfeld
- [saag] Credential portability RE: SHA-1 to SHA-n … Hallam-Baker, Phillip