Re: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07

Simo Sorce <simo@redhat.com> Wed, 02 January 2019 16:02 UTC

Return-Path: <simo@redhat.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24B0F130E34; Wed, 2 Jan 2019 08:02:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CddPk8fQAiyD; Wed, 2 Jan 2019 08:02:19 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C7AD12950A; Wed, 2 Jan 2019 08:02:19 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ADB7A8764B; Wed, 2 Jan 2019 16:02:18 +0000 (UTC)
Received: from ovpn-116-112.phx2.redhat.com (ovpn-116-112.phx2.redhat.com [10.3.116.112]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0073A19C65; Wed, 2 Jan 2019 16:02:17 +0000 (UTC)
Message-ID: <e6c85c830cde504773d106449c773d3bcaedb00a.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Jeffrey Hutzelman <jhutz@cmu.edu>, David Mandelberg <david=40mandelberg.org@dmarc.ietf.org>, "draft-ietf-curdle-gss-keyex-sha2.all@ietf.org" <draft-ietf-curdle-gss-keyex-sha2.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 02 Jan 2019 11:02:16 -0500
In-Reply-To: <7167ade4a5f34131b0febdbf838ed1fe@cmu.edu>
References: <d27185fb-17ea-f84b-4c33-ea2ba2f50637@mandelberg.org> <c2b59fec7c229f5ee1dc5297b1b4a92a5f0d7c17.camel@redhat.com> , <116626_1546374823_x01KXf1b120191_e99a19cd-6e21-f859-db68-23cdd20c1e25@mandelberg.org> <7167ade4a5f34131b0febdbf838ed1fe@cmu.edu>
Organization: Red Hat, Inc.
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 02 Jan 2019 16:02:18 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/jeQ-utwBwZqhbYh111pGC9NGnzw>
Subject: Re: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 16:02:21 -0000

Thank you Jeffrey,
I forgot it was a counted string!

Simo.

On Tue, 2019-01-01 at 22:13 +0000, Jeffrey Hutzelman wrote:
> Actually, this is not an issue. The value H is the SSH exchange hash,
> which is a common element across all key exchange methods. It is
> discussed in detail on the following page, which I think makes it
> clear that the hash is over a concatenation of a number of items of
> type 'string', except for K, which is an mpint. These types and their
> representations are described in RFC4251 section 5. In particular,
> 'string' is a counted string, so no, the cases you describe do not
> result in the same value for H.
> 
> 
> -- Jeff
> 
> 
> ________________________________
> From: secdir <secdir-bounces@ietf.org>; on behalf of David Mandelberg <david=40mandelberg.org@dmarc.ietf.org>;
> Sent: Tuesday, January 1, 2019 3:33 PM
> To: Simo Sorce; draft-ietf-curdle-gss-keyex-sha2.all@ietf.org; iesg@ietf.org; secdir@ietf.org
> Subject: Re: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07
> 
> On 1/1/19 9:06 AM, Simo Sorce wrote:
> > On Mon, 2018-12-31 at 14:57 -0500, David Mandelberg wrote:
> > > Section 5.1: When calculating H, are the boundaries between each
> > > concatenated thing clear? E.g., would V_C = "1.21" V_S = "0.1" and V_C =
> > > "1.2" V_S = "10.1" result in the same value for H?
> > 
> > All else equal I think it would
> 
> Ok. I don't have any specific attacks in mind, but that seems like a
> potential weak point. This probably isn't the right document to change
> that in though.
> 
> 
> 

-- 
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc