[saag] NSA bug in Windows 10

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 15 January 2020 14:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/wjWWa1z6C9wuQzUd2sH5-HT0dBI>

I have been reading the reports in the press.

From what I gather, the attack allows an incompetent or malicious CA to
craft a malicious certificate. It may also be possible for a CSR to be
crafted that could result in a CA issuing a bad EE cert.

From the limited information I can find, it would appear that we don't
actually have much of a problem as the whole WebPKI is predicated on the
idea that CAs are trusted and they have pretty much infinite ways to defect.

Has anyone checked the Certificate Transparency logs to see if any bogus
certs matching the NSA pattern are recorded? I would expect not as we
require specific NIST curves that have specific names.