Re: [TLS] draft-dkg-tls-reject-static-dh
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 08 December 2018 05:21 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Nico Williams <nico@cryptonector.com>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "tls@ietf.org" <tls@ietf.org>
Date: Sat, 08 Dec 2018 05:21:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BvvM3AByo-FUA34Fi-K-m97JoJI>

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

>> [0] "In principal" because there's a fair bit of SCADA gear that does this
>> because it doesn't have the CPU power to generate new DHE values, as I
>> found out when I turned on non-DHE checking some years ago.
>
>Is this SCADA gear running TLS 1.3? is it clients and servers both, or just
>one or the other? When was this scan done? i'd love to see more
>documentation about this practice.

No, it'd be mostly 1.0, moving slowly to 1.2 at some stage (I spent a fair chunk of yesterday debugging a handshake failure that turned out to be the fact that the current, most-recent release of the code in a fairly significant code base can't understand anything newer than TLS 1.0). It wasn't a rigorous scan, it just got enabled for a new release and then there were enough complaints about it breaking things that it got removed again.

I don't really know if it's possible to do any kind of useful survey of the SCADA environment because most of it is invisible to the public internet, you just try various things on a small basis and if no-one complains, push it out to more and more users and hope you don't get complaints. Sometimes things break, for example within the last month we had a customer who thought "USA" was a valid ISO 3166 country code:

    231  12:   SET {
    233  10:     SEQUENCE {
    235   3:       OBJECT IDENTIFIER countryName (2 5 4 6)
    240   3:       PrintableString 'USA'
            :       }
            :     }

Since no-one seems to check whether the C= component in a DN is a valid country or even looks like a valid C= component, it hadn't been noticed before. No idea what would have ended up in there if they were in Saint Vincent and the Grenadines or the Federated States of Micronesia.

Anyway, I don't have any real data, just that it was common enough that we had to remove the check again. When I talk about SCADA stuff and it sounds rather anecdotal that's because it usually is, you enable a new feature and if you don't get complaints, leave it enabled, but that's as far as it goes in terms of coverage.

Peter.
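
The C= check the message says nobody performs, as an added example that is not part of the original message: a minimal DER walk over a single RDN that flags a countryName value that does not look like a two-letter code. The sample bytes are constructed to match the lengths in the dump above; the function names, the uppercase requirement and the optional code list are assumptions of this example.

```python
# Added example: minimal DER walk over one RDN to check the countryName value.
# Assumes definite lengths and a single attribute per SET, as in the dump.
COUNTRY_NAME_OID = bytes.fromhex("550406")   # 2.5.4.6
TAG_SET, TAG_SEQUENCE, TAG_OID, TAG_PRINTABLE = 0x31, 0x30, 0x06, 0x13

# Constructed samples: the RDN from the dump (SET len 12, SEQUENCE len 10) and a fixed one.
SAMPLE_RDN_USA = bytes.fromhex("310c300a06035504061303555341")
SAMPLE_RDN_US = bytes.fromhex("310b3009060355040613025553")


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def check_country_rdn(rdn, known_codes=None):
    """Return a list of problems with a countryName RDN (empty list = OK)."""
    tag, set_body, _ = read_tlv(rdn)
    if tag != TAG_SET:
        return ["not a SET"]
    tag, seq_body, _ = read_tlv(set_body)
    if tag != TAG_SEQUENCE:
        return ["SET does not contain a SEQUENCE"]
    tag, oid, pos = read_tlv(seq_body)
    if tag != TAG_OID or oid != COUNTRY_NAME_OID:
        return ["attribute is not countryName"]
    tag, value, _ = read_tlv(seq_body, pos)
    problems = []
    if tag != TAG_PRINTABLE:
        problems.append("value is not a PrintableString")
    text = value.decode("ascii", errors="replace")
    if len(text) != 2 or not (text.isascii() and text.isalpha() and text.isupper()):
        problems.append(f"{text!r} is not a two-letter uppercase code")
    elif known_codes is not None and text not in known_codes:
        problems.append(f"{text!r} is not in the supplied code list")
    return problems
```

Passing a full ISO 3166 alpha-2 set as `known_codes` turns the shape check into a validity check; without it only the "looks like a valid C= component" test is applied.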