Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration
Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 18 March 2018 16:08 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KKhS_9yoDECIe-yNzRs_LVELa0c>

> On Mar 18, 2018, at 11:27 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
> After discussion with the chairs and the AD, I have opted to just add a section
> that explains the attack. I just merged that (but managed not to get it into -27
> due to fumble fingering).

It seems to me that privacy considerations for external PSKs are a rather secondary issue. These are infinitely more likely to be used by IOT devices calling the mothership than by users browsing content they'd rather keep private. I've never used an external PSK, nor do I expect have any of the posters pointing out the privacy issues.

The devices that might use external PSKs will likely be unavoidably fingerprinted by source IP address and the target mothership.

So I agree with the above approach. It is better to keep external PSKs simple, with understood limitations, than to attempt (and fail) to turn privacy up to eleven.

--
Viktor.