Re: [TLS] Static DH timing attack

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 11 September 2020 02:25 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52EBC3A0A26 for <tls@ietfa.amsl.com>; Thu, 10 Sep 2020 19:25:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNx8aIXG3swr for <tls@ietfa.amsl.com>; Thu, 10 Sep 2020 19:25:04 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 068D13A0A06 for <tls@ietf.org>; Thu, 10 Sep 2020 19:25:03 -0700 (PDT)
Received: from AUS01-ME1-obe.outbound.protection.outlook.com (mail-me1aus01lp2059.outbound.protection.outlook.com [104.47.116.59]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-49-yQGmHVkkN0ebhM_Dl6lHDw-1; Fri, 11 Sep 2020 12:24:55 +1000
X-MC-Unique: yQGmHVkkN0ebhM_Dl6lHDw-1
Received: from HK2PR02CA0170.apcprd02.prod.outlook.com (2603:1096:201:1f::30) by ME2PR01MB4819.ausprd01.prod.outlook.com (2603:10c6:220:46::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16; Fri, 11 Sep 2020 02:24:49 +0000
Received: from HK2APC01FT019.eop-APC01.prod.protection.outlook.com (2603:1096:201:1f:cafe::7b) by HK2PR02CA0170.outlook.office365.com (2603:1096:201:1f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16 via Frontend Transport; Fri, 11 Sep 2020 02:24:48 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 130.216.95.208) smtp.mailfrom=cs.auckland.ac.nz; akamai.com; dkim=none (message not signed) header.d=none;akamai.com; dmarc=none action=none header.from=cs.auckland.ac.nz;
Received: from uxcn13-ogg-a.UoA.auckland.ac.nz (130.216.95.208) by HK2APC01FT019.mail.protection.outlook.com (10.152.248.187) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.3370.16 via Frontend Transport; Fri, 11 Sep 2020 02:24:47 +0000
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-ogg-a.UoA.auckland.ac.nz (10.6.2.2) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 11 Sep 2020 14:23:49 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.5]) with mapi id 15.00.1497.006; Fri, 11 Sep 2020 14:23:49 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Salz, Rich" <rsalz@akamai.com>, Achim Kraus <achimkraus@gmx.net>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Static DH timing attack
Thread-Index: AQHWhrp+9EGmAKHnM0S2YOV3OYQKzqlhmhsF//998wCAAEzOAIABUsmo
Date: Fri, 11 Sep 2020 02:23:48 +0000
Message-ID: <1599791029197.84073@cs.auckland.ac.nz>
References: <5595BB40-3AFD-4327-B7B7-5E63FFC594DD@akamai.com> <1599729784370.87441@cs.auckland.ac.nz> <fff1a66a-0a49-cfbd-461a-c1d0ed3aeaaa@gmx.net>, <F5B3E4EB-1342-428B-B28B-CCDB323BAF86@akamai.com>
In-Reply-To: <F5B3E4EB-1342-428B-B28B-CCDB323BAF86@akamai.com>
Accept-Language: en-NZ, en-GB, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9068654a-716d-4d4f-5636-08d855f9daf9
X-MS-TrafficTypeDiagnostic: ME2PR01MB4819:
X-Microsoft-Antispam-PRVS: <ME2PR01MB4819819FDADD452027299FC6EE240@ME2PR01MB4819.ausprd01.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:3826;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: J5uhbRZ1QpYREYmtREv+tqiydwzgNwyWTiIEMAy2/6kvoe+FeGF7ozpnjUzf8WkXr45JhQUxKXNDVPf7WZ+xxCeNyxJ7lZzxkOixC9j3y8859xxrPRMX1FymyNzDfb8/BViu2XQfzTytlEiHcQyjXXf7ZOGbnacVUuIeoQ3Zp0jX1hjvltUgOq5wgGcylG2ap8gkRookK8UcdJN2ZQMAvXxXND84sM/S6qPYihYfdF0CSEsRrpSG82RTfDJxHO/weKW6FzUrt8zHSDeltFO4aVMlDAZVWdV/aYrtX3I/8pli/JWeY/CsukSqSzvOa+Jw3oYq0sA6R5rq1a2uXRiFqbA5Bg63tPBK2hC5z49MlpIA9RP7q+CY2SjBUuhJRedtj5Myy+3YXIQ5HD1NaR6gJA==
X-Forefront-Antispam-Report: CIP:130.216.95.208; CTRY:NZ; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:uxcn13-ogg-a.UoA.auckland.ac.nz; PTR:natgate1-1.auckland.ac.nz; CAT:NONE; SFS:(4636009)(136003)(376002)(39860400002)(346002)(396003)(46966005)(478600001)(82740400003)(47076004)(7636003)(336012)(4744005)(8676002)(356005)(2906002)(82310400003)(186003)(26005)(70206006)(110136005)(8936002)(5660300002)(70586007)(2616005)(86362001)(36906005)(786003)(316002); DIR:OUT; SFP:1101;
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Sep 2020 02:24:47.8532 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 9068654a-716d-4d4f-5636-08d855f9daf9
X-MS-Exchange-CrossTenant-Id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d1b36e95-0d50-42e9-958f-b63fa906beaa; Ip=[130.216.95.208]; Helo=[uxcn13-ogg-a.UoA.auckland.ac.nz]
X-MS-Exchange-CrossTenant-AuthSource: HK2APC01FT019.eop-APC01.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME2PR01MB4819
X-Mimecast-Spam-Score: 0.0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-NZ
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/IDMckz1fpNasnGq6VNmvvOjfBAE>
Subject: Re: [TLS] Static DH timing attack
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2020 02:25:05 -0000

Salz, Rich <rsalz@akamai.com> writes:

>Do you mean this because people will confuse DH with ECDHE ?

See my reply to Achim, it's not that but because banning static-ephemeral
(EC)DH will also affect all the cases where it's being applied as it if were
RSA.

Which, given that it's such a footgun would IMHO be a good thing, but others
will probably disagree :-).

Peter.