Re: [TLS] TLS and KCI vulnerable handshakes
Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 17 August 2015 15:54 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FFB71B2E46 for <tls@ietfa.amsl.com>; Mon, 17 Aug 2015 08:54:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.31
X-Spam-Level:
X-Spam-Status: No, score=-1.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, J_CHICKENPOX_22=0.6, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kNhwp-PK_bxA for <tls@ietfa.amsl.com>; Mon, 17 Aug 2015 08:54:06 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84D001B2E5A for <tls@ietf.org>; Mon, 17 Aug 2015 08:54:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1439826843; x=1471362843; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=IgnYOKCGPOj0Ihmc68/TG5QAUP+9Nqqb2ohyiW5UMHs=; b=wSJyyX4oqr8DFF+jJVhW5l1HB1bCROxDHWpzTEWTPeDhN4uAsk/+itdh xCzKgD++5V8CjZUvWa2lqZgRbgRIF9Rautz4VkmP6qQIIM4nsSaUzg7rg UTsCRkwzsVZwr0jNrG1nO3/fFNhSG1YgGDQfAmGwO6n0AP8wQ96zMkRd2 IsBNOPpz+Q6y9msJ+cqDKrDdDjixgKqlw9RzdBgXLHi1Iucq+TmKibpd0 O9T/aplI0hPWDh99TAK4xrowYrNdaOpxGX/dydhvRvJF1gA5HZCj4EdY8 XcFaI61NAjxkcXrPRodjSftqzFbLzrn8sDMEN5NHpKfJWcQNvAoBHzH8K Q==;
X-IronPort-AV: E=Sophos;i="5.15,695,1432555200"; d="scan'208";a="35697675"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 18 Aug 2015 03:54:01 +1200
Received: from UXCN10-5.UoA.auckland.ac.nz ([169.254.5.48]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0174.001; Tue, 18 Aug 2015 03:54:00 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS and KCI vulnerable handshakes
Thread-Index: AQHQ1F5LrI8QBmnw8E6Q+G9ikduiz54HF7RI//+NqoCACYRrov//ZC4AgADQc9I=
Date: Mon, 17 Aug 2015 15:53:59 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4ADDF25@uxcn10-5.UoA.auckland.ac.nz>
References: <55C8CD7A.7030309@rise-world.com> <9A043F3CF02CD34C8E74AC1594475C73F4AD80F3@uxcn10-5.UoA.auckland.ac.nz> <55CA821B.9090101@rise-world.com> <9A043F3CF02CD34C8E74AC1594475C73F4ADDD17@uxcn10-5.UoA.auckland.ac.nz>, <20150817151814.GE24426@mournblade.imrryr.org>
In-Reply-To: <20150817151814.GE24426@mournblade.imrryr.org>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-Zb1EIhjoo3SP0ElIxh0XohxzSw>
Subject: Re: [TLS] TLS and KCI vulnerable handshakes
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2015 15:54:08 -0000
Viktor Dukhovni <ietf-dane@dukhovni.org> writes: >I can't answer why, but I know what and when: I was trying to avoid finger-pointing so I didn't go through the changelog to see whodunnit, I was more interested in the motivation. Same for Apple, why would you implement something that pretty much no-one else (at the time) supported, and for good reason? Having said that though: DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1 DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1 DH-DSS-SEED-SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1 DH-DSS-DES-CBC-SHA SSLv3 Kx=DH/DSS Au=DH Enc=DES(56) Mac=SHA1 DH-RSA-DES-CBC-SHA SSLv3 Kx=DH/RSA Au=DH Enc=DES(56) Mac=SHA1 that sort of stuff just compounds the WTF. Static DH + DSA + single DES, added in 2012. W. T. F. Peter.
- [TLS] TLS and KCI vulnerable handshakes Clemens Hlauschek
- Re: [TLS] TLS and KCI vulnerable handshakes Peter Gutmann
- Re: [TLS] TLS and KCI vulnerable handshakes Karthikeyan Bhargavan
- Re: [TLS] TLS and KCI vulnerable handshakes Martin Thomson
- Re: [TLS] TLS and KCI vulnerable handshakes Ilari Liusvaara
- Re: [TLS] TLS and KCI vulnerable handshakes Martin Thomson
- Re: [TLS] TLS and KCI vulnerable handshakes Clemens Hlauschek
- Re: [TLS] TLS and KCI vulnerable handshakes Martin Thomson
- Re: [TLS] TLS and KCI vulnerable handshakes Daniel Kahn Gillmor
- Re: [TLS] TLS and KCI vulnerable handshakes Clemens Hlauschek
- Re: [TLS] TLS and KCI vulnerable handshakes Clemens Hlauschek
- Re: [TLS] TLS and KCI vulnerable handshakes Peter Gutmann
- Re: [TLS] TLS and KCI vulnerable handshakes Peter Gutmann
- Re: [TLS] TLS and KCI vulnerable handshakes Viktor Dukhovni
- Re: [TLS] TLS and KCI vulnerable handshakes Viktor Dukhovni
- Re: [TLS] TLS and KCI vulnerable handshakes Peter Gutmann
- Re: [TLS] TLS and KCI vulnerable handshakes Salz, Rich
- Re: [TLS] TLS and KCI vulnerable handshakes Viktor Dukhovni
- Re: [TLS] TLS and KCI vulnerable handshakes Clemens Hlauschek
- Re: [TLS] TLS and KCI vulnerable handshakes Watson Ladd