Re: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07

Jeffrey Hutzelman <jhutz@cmu.edu> Tue, 01 January 2019 22:13 UTC

From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: David Mandelberg <david=40mandelberg.org@dmarc.ietf.org>, Simo Sorce <simo@redhat.com>, "draft-ietf-curdle-gss-keyex-sha2.all@ietf.org" <draft-ietf-curdle-gss-keyex-sha2.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07
Thread-Index: AQHUoUMUHwl08B2MXUm7QLQuuiqmK6Wax6aAgABsKYD//8YKXw==
Date: Tue, 01 Jan 2019 22:13:28 +0000
Message-ID: <7167ade4a5f34131b0febdbf838ed1fe@cmu.edu>
References: <d27185fb-17ea-f84b-4c33-ea2ba2f50637@mandelberg.org> <c2b59fec7c229f5ee1dc5297b1b4a92a5f0d7c17.camel@redhat.com>, <116626_1546374823_x01KXf1b120191_e99a19cd-6e21-f859-db68-23cdd20c1e25@mandelberg.org>
In-Reply-To: <116626_1546374823_x01KXf1b120191_e99a19cd-6e21-f859-db68-23cdd20c1e25@mandelberg.org>
Accept-Language: en-US
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_7167ade4a5f34131b0febdbf838ed1fecmuedu_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/zYs_scoNhzuKdvwJi_2Z4FdRAtk>
Subject: Re: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07
Precedence: list

Actually, this is not an issue. The value H is the SSH exchange hash, which is a common element across all key exchange methods. It is discussed in detail on the following page, which I think makes it clear that the hash is over a concatenation of a number of items of type 'string', except for K, which is an mpint. These types and their representations are described in RFC4251 section 5. In particular, 'string' is a counted string, so no, the cases you describe do not result in the same value for H.

-- Jeff

________________________________
From: secdir <secdir-bounces@ietf.org> on behalf of David Mandelberg <david=40mandelberg.org@dmarc.ietf.org>
Sent: Tuesday, January 1, 2019 3:33 PM
To: Simo Sorce; draft-ietf-curdle-gss-keyex-sha2.all@ietf.org; iesg@ietf.org; secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-curdle-gss-keyex-sha2-07

On 1/1/19 9:06 AM, Simo Sorce wrote:
> On Mon, 2018-12-31 at 14:57 -0500, David Mandelberg wrote:
>> Section 5.1: When calculating H, are the boundaries between each
>> concatenated thing clear? E.g., would V_C = "1.21" V_S = "0.1" and V_C =
>> "1.2" V_S = "10.1" result in the same value for H?
>
> All else equal I think it would

Ok. I don't have any specific attacks in mind, but that seems like a
potential weak point. This probably isn't the right document to change
that in though.

[secdir] secdir review of draft-ietf-curdle-gss-k… David Mandelberg
Re: [secdir] secdir review of draft-ietf-curdle-g… Simo Sorce
Re: [secdir] secdir review of draft-ietf-curdle-g… David Mandelberg
Re: [secdir] secdir review of draft-ietf-curdle-g… Jeffrey Hutzelman
Re: [secdir] secdir review of draft-ietf-curdle-g… Simo Sorce
Re: [secdir] secdir review of draft-ietf-curdle-g… Hubert Kario