Re: [TLS] draft-dkg-tls-reject-static-dh

Nico Williams <nico@cryptonector.com> Fri, 07 December 2018 16:48 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EAD4130E8A for <tls@ietfa.amsl.com>; Fri, 7 Dec 2018 08:48:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ETy9dFFmR_Hh for <tls@ietfa.amsl.com>; Fri, 7 Dec 2018 08:48:20 -0800 (PST)
Received: from eastern.maple.relay.mailchannels.net (eastern.maple.relay.mailchannels.net [23.83.214.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF6A0130E83 for <tls@ietf.org>; Fri, 7 Dec 2018 08:48:19 -0800 (PST)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 7CD1942BCB; Fri, 7 Dec 2018 16:48:15 +0000 (UTC)
Received: from pdx1-sub0-mail-a36.g.dreamhost.com (unknown [100.96.20.98]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 153314237A; Fri, 7 Dec 2018 16:48:15 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a36.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.16.2); Fri, 07 Dec 2018 16:48:15 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Minister-Daffy: 6bbb9e77775a001b_1544201295330_3745946379
X-MC-Loop-Signature: 1544201295330:3896869326
X-MC-Ingress-Time: 1544201295329
Received: from pdx1-sub0-mail-a36.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a36.g.dreamhost.com (Postfix) with ESMTP id 9D893802EB; Fri, 7 Dec 2018 08:48:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=LvtPpjh5YsueyQ IN6EJsE00l2L0=; b=RuRE/8jFhtfmC/2r/jsb/25eoEy42jTCXIIBh+Xxx+vYjX k7AAOyUMXLyDb/2FXpbBWJvS8Iiof9LjD38ZQhLQEuDoYr8fdwS41e3zhWOeit2F rrv6qi/Azr7tZcuy1up9dBg6WGdK8aLz4+7IYx3ydn2nJuJhDLGnTX0mf7QAE=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a36.g.dreamhost.com (Postfix) with ESMTPSA id 90EC2802E1; Fri, 7 Dec 2018 08:48:09 -0800 (PST)
Date: Fri, 7 Dec 2018 10:48:08 -0600
X-DH-BACKEND: pdx1-sub0-mail-a36
From: Nico Williams <nico@cryptonector.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20181207164807.GY15561@localhost>
References: <9a9be8fb-9667-0c6a-9fac-cc167f94599f@cs.tcd.ie> <874lbqcgu2.fsf@fifthhorseman.net> <1544164274460.61998@cs.auckland.ac.nz> <20181207064745.GU15561@localhost> <1544166850611.133@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1544166850611.133@cs.auckland.ac.nz>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtkedrudefledgleduucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhenucevlhhushhtvghrufhiiigvpedu
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GHuQe8B3Ku4A767_I-wuS-PdIZ8>
Subject: Re: [TLS] draft-dkg-tls-reject-static-dh
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2018 16:48:22 -0000

On Fri, Dec 07, 2018 at 07:14:17AM +0000, Peter Gutmann wrote:
> It depends on what those resources are, at one end you've got proper DHE with
> a full modexp required, at the other end if you can fake it with something as
> lightweight as a mod-add or similar it's essentially free while defeating DHE-
> reuse detection.

Fair.

> I appreciate that people feel strongly about this, and I support the idea of
> non-ephemeral DHE detection in principal [0] (along with many, many other
> measures to strengthen TLS), but this draft reads a lot like the IETF blowing
> raspberries at ETSI.  

That's my take as well.  However, the possibility of detecting stuck
RNGs like the Debian OpenSSL debacle of ten years ago is interesting.
Still, it's more complexity for clients.

Nico
--