Re: [TLS] draft-dkg-tls-reject-static-dh

Daniel Kahn Gillmor <> Fri, 07 December 2018 04:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 85C18130E52 for <>; Thu, 6 Dec 2018 20:33:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.298
X-Spam-Status: No, score=-0.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_03_06=1.592, T_SPF_PERMERROR=0.01] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sPiKczGjAzL7 for <>; Thu, 6 Dec 2018 20:33:54 -0800 (PST)
Received: from ( [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4C9A512008A for <>; Thu, 6 Dec 2018 20:33:54 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id D2CC0F99B; Thu, 6 Dec 2018 23:33:51 -0500 (EST)
Received: by (Postfix, from userid 1000) id DDC1920DCE; Fri, 7 Dec 2018 03:37:25 +0300 (EAT)
From: Daniel Kahn Gillmor <>
To: Stephen Farrell <>
Cc: "tls\" <>
In-Reply-To: <>
References: <>
Date: Fri, 07 Dec 2018 03:37:25 +0300
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <>
Subject: Re: [TLS] draft-dkg-tls-reject-static-dh
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 07 Dec 2018 04:33:59 -0000

On Wed 2018-12-05 18:59:07 +0000, Stephen Farrell wrote:

> it's feasible and not easily defeated.

TLS endpoints can share their data (key material, cleartext, etc) with
whoever they choose -- that's just how the universe is implemented.
They can even do it out of band, on a channel that the peer has no
knowledge of.

The question for TLS implementers is what to do about risks or leakage
that they *can* become aware of.

> It'd be good to describe in detail a way in which one might
> efficiently retain the client state required, e.g. via a bloom filter
> maybe?  (Assuming an occasional false positive isn't too alarming;-)

Yes, that would be great.  the way i was going to write it that guidance
was pretty dumb (i was thinking of just a hashtable combined with a
fixed-size ring buffer to be constant-space and roughly constant-time,
and hadn't even considered bloom filters), so i welcome suggested text.

Given that the size of the set of elements to include is effectively
infinite, standard Bloom filters seem likely to be trouble (way too fast
to converge onto false-positives).

Perhaps "stable bloom filters" would represent a better tradeoff:

But hm, even a 0.1% false positive rate sounds pretty alarming too.  1
in a thousand connections failing?  yikes!  I think we'd want to err on
the false-negative side for this particular use case.

> It might also be good to outline how a survey or CT-like mechanism
> (say logging some value as a witness for the DH public) could be used
> to detect this kind of badness even if common TLS clients didn't
> deploy.

oof, CT itself is *really* heavyweight, and given our overall failure to
get any sort of monitoring that would detect abuse by the CT logs
themselves working (gossip hasn't had the necessary traction), i'm not
sure i have the stamina to go down that route for ephemeral DH values.

If someone wants to try to think that through (how do you ensure it's
not spammed?) i'd be happy to see it as a separate draft, but i don't
think it belongs in this one, which is intended as guidance for TLS
endpoint implementations.

> I think in 3.2 you need to be a bit more precise about which DH values
> you mean, e.g.  if doing ESNI then clients will see the same DH value
> from ESNIKeys a number of times. (So I suspect you couldn't implement
> this at a very low level in the crypto engine.)

Yes, that's absolutely right.  Proposals for text welcome!

> "MUST avoid accidental" is an interesting phrase:-)

good catch, i'll drop "accidental" :)

> Section 4 could probably do with some text about how not to do this,
> e.g. keeping a list of {servername,[DH values]} would be bad if a
> client's disk were compromised.

right, this would align with the bloom filter (or whatever)
implementation guidance you mention above.  I've been thinking about
this, and i'm not sure that we even need servername as part of the key.
is there any reason that a client should ephemeral DH reuse *across*
hosts?  If anything, ephemeral DH reuse across hosts *proves* that a DH
secret has been shared (wittingly or unwittingly), which is one of the
things we're trying to avoid, right?  Simpler implementations are
probably better, and it's certainly easier to not deal with the