Re: [TLS] draft-ietf-tls-curve25519-01: Is public key validation necessary or helpful?
Martin Thomson <martin.thomson@gmail.com> Wed, 30 December 2015 22:55 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B009C1B29E7 for <tls@ietfa.amsl.com>; Wed, 30 Dec 2015 14:55:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r8pguFUr-61P for <tls@ietfa.amsl.com>; Wed, 30 Dec 2015 14:55:11 -0800 (PST)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F9081B29E6 for <tls@ietf.org>; Wed, 30 Dec 2015 14:55:11 -0800 (PST)
Received: by mail-io0-x230.google.com with SMTP id 77so52285377ioc.2 for <tls@ietf.org>; Wed, 30 Dec 2015 14:55:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SczE7ACTkaFbSjzEREQRpZMj7vQF6jLDuz7e5CbQud0=; b=P8D5Fqki635RVfARtiC9pDDUHkLYpqDVMDPZI0CjH6P8i9YJZtoCJr9qEjuFMXmK4G y81uV7fMB2JWYy6/FO4jTuQy8yAcYZcudFmn7fB+PyUoJ85aksHV8WQgV/kde9u/VCv7 dM7WnX5VXLM99W7CA3BkytZeG+Js+K089SSLDfeN3UH1CvQNEus/Cxri93d2OnweWWps 2gtkwbPP36+JPrnWIg3wIZb0c5JCzYec+XEQ3XTgerXWx/8iphZWfj5pWHXrIrZqbI/o N9ZnbFZ0VKedTaqvGEgFezdOZIpmR9UhnXkdCo7Gl9FxgHDwsLt4zoCfJX6wfdMtY86G Kl/g==
MIME-Version: 1.0
X-Received: by 10.107.33.12 with SMTP id h12mr10860822ioh.108.1451516110695; Wed, 30 Dec 2015 14:55:10 -0800 (PST)
Received: by 10.36.149.130 with HTTP; Wed, 30 Dec 2015 14:55:10 -0800 (PST)
In-Reply-To: <20151230111631.GB23341@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CAFewVt4Midtq7X6px4=A4hGkspQuJdzZQ907U=SJox0SdgfAJg@mail.gmail.com> <CACsn0cng1o-5hm=zuL6puOGJ8A2bjB=fFsaFsBCmmVofNSuumg@mail.gmail.com> <CABkgnnXQS3Ek6jDjx0aSQmaf+=EjfGWa8MG1AO4QwhJbK50VQg@mail.gmail.com> <CAFewVt4NSGDP_At8XsX4OsxSUaj_2kRyFP_keDQhfnR0=mBhrg@mail.gmail.com> <CABkgnnUq0_28U6VqE=ZPpwutOBUkTGwhxqHQOEvQve5JYfSVRA@mail.gmail.com> <CAFewVt6fyqbOZfQkWY=9SM20WcrP0UhfH+3wvXjiYoTjPm2pgA@mail.gmail.com> <CAFewVt5U9awAg4FbdWtXiCATd-kWttdsAwe3eWwcD5SXsKvyWQ@mail.gmail.com> <6F6EDAA8-15F2-4949-B927-4D0BD0E8FFE3@inria.fr> <20151230105207.GB6140@roeckx.be> <20151230111631.GB23341@LK-Perkele-V2.elisa-laajakaista.fi>
Date: Thu, 31 Dec 2015 09:55:10 +1100
Message-ID: <CABkgnnV+mzt6tQbM7m2hN5Y=Qk8G1AeYtC=+Xy+e31pdEiq-pQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/KDYGWFNkD34ylQMOwCAtxqnjsQo>
Cc: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-curve25519-01: Is public key validation necessary or helpful?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2015 22:55:12 -0000
On 30 December 2015 at 22:16, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: >> Would it make sense to have session hash as a requirement in TLS >> 1.2 when you want to use Curve25519? > > I don't think that is reasonable. I think that is entirely reasonable. TLS 1.2 relies on contributory behaviour. 25519 doesn't provide that unless you do some extra checking that we know many implementations don't do. I'd be OK with either requiring session hash, some checking of values, or both. Otherwise we create a situation where the shared secret can be forced by an attacker.
- [TLS] draft-ietf-tls-curve25519-01: Is public key… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Watson Ladd
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Martin Thomson
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Martin Thomson
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Viktor Dukhovni
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Martin Thomson
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Karthikeyan Bhargavan
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Kurt Roeckx
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Martin Thomson
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Watson Ladd
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Eric Rescorla
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Watson Ladd
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Adam Langley
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Brian Smith
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Alyssa Rowan
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Jeffrey Walton
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Eric Rescorla
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Adam Langley
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Eric Rescorla
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Martin Thomson
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Eric Rescorla
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Eric Rescorla
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- [TLS] TCP Keep Alive Question: draft-ietf-tls-tls… nalini.elkins
- Re: [TLS] TCP Keep Alive Question: draft-ietf-tls… Watson Ladd
- Re: [TLS] TCP Keep Alive Question: draft-ietf-tls… nalini.elkins
- Re: [TLS] TCP Keep Alive Question: draft-ietf-tls… Roland Zink
- Re: [TLS] TCP Keep Alive Question: draft-ietf-tls… nalini.elkins
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Ilari Liusvaara
- Re: [TLS] draft-ietf-tls-curve25519-01: Is public… Watson Ladd