Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
Bodo Moeller <bmoeller@acm.org> Thu, 28 November 2013 09:00 UTC
Return-Path: <SRS0=uCA0=VF=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CB0E1ACCFF for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 01:00:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.93
X-Spam-Level:
X-Spam-Status: No, score=-0.93 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bkK2UYEfGk3b for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 01:00:06 -0800 (PST)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.9]) by ietfa.amsl.com (Postfix) with ESMTP id E82331AC49D for <tls@ietf.org>; Thu, 28 Nov 2013 01:00:05 -0800 (PST)
Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by mrelayeu.kundenserver.de (node=mreu4) with ESMTP (Nemesis) id 0MIkdY-1VoANY0gDw-002DWK; Thu, 28 Nov 2013 10:00:04 +0100
Received: by mail-oa0-f54.google.com with SMTP id h16so8797792oag.41 for <tls@ietf.org>; Thu, 28 Nov 2013 01:00:02 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=IJkigmF4QpZv73p7b8ItprBJ9GMpwTPRRukj24t9HAw=; b=ExLWUdoMyYYB1nNn4A4c76UGoPWCsUS+2MWCXa5BrPm7dsm84eGbdFGvU9l9+1D4/c f4g0ZkyCh1+GUXHkzJCxyQSXTBRWUrDl18AtC8nkryBNls0hhOJtRIJPnTjW8VkJ0Zf1 QS70WJBucmdr2MUZKwV5PEKqriiNBCQe+UIaMr+mkcvAfeiojpiEK6Qr+MwG9gwcPzNL zKEGxjKViyR/KcgFCwvU+qGPSqU1raMme4zu0jXQ/nGV4BusnojxfynB2fTE6ZYqbVMw j09gT1ncsPac58DZn3heXYzIXiI2BgdJ8iOlZAkD86NJ/oSVdtKDcVqaVYY4Rpi2WrTw YUBQ==
MIME-Version: 1.0
X-Received: by 10.60.103.106 with SMTP id fv10mr18087460oeb.44.1385629202978; Thu, 28 Nov 2013 01:00:02 -0800 (PST)
Received: by 10.60.137.194 with HTTP; Thu, 28 Nov 2013 01:00:02 -0800 (PST)
In-Reply-To: <3f9cc03f542291ac17e0d173c09d0177.squirrel@www.trepanning.net>
References: <3065D910-832C-47B6-9E0B-2F8DCD2657D2@cisco.com> <9CD5611C-2742-435D-8832-9F85448591BA@qut.edu.au> <CADMpkcJ3wO_GMsSH33B8fQKnnr=nAUdU58bwSkks4ERF9ccAJw@mail.gmail.com> <CADMpkc+YAhDNwTk-6XsnUAscPnb7byStTE09e86L-gYhqn6L9Q@mail.gmail.com> <e2d8d4a17842e828a3325665a2e5e348.squirrel@www.trepanning.net> <CADMpkc+ArvpCA5rpqhSGH8WmV3AsPMsL6ZMf0r2-UeHR=jOjug@mail.gmail.com> <3f9cc03f542291ac17e0d173c09d0177.squirrel@www.trepanning.net>
Date: Thu, 28 Nov 2013 10:00:02 +0100
Message-ID: <CADMpkcLgke+p+vx51BxTPnwMzxQmJR9wv9WgF1SKRR8C_zRPWw@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e012277b46f1e6d04ec38f01b"
X-Provags-ID: V02:K0:i2/d2rYbwF4A1JWEG5ynepxNT42uWHxmvBf6abQfENC PKizeqGYNSOnO/LRD2mn7wHv77sQyR8a2ZMNyUZDtnysaR/Ato DvhSEnhnYhF6FEt2u5p5RnpSLs1H6e9l7CBOduu694PlYDD7Ar KINiCloQjfLnaOqRFmABrNnZ4ZNlN3djOKtZIdriL0PauuHMz5 7uKSjkrD1Vao6Cw1Mr8RMngQi84TjdIaJPC7eD5iEY2cRDrdv8 Nql3gyPJpzQw6ennLqORFjkb+eXl5gzzM0PL8kU0pXdvm/wKZk ZRNNuda8dF1UV6tSZDP10WRoXQUey/kHjZ7WrPZreHExHlFiwJ ETbgHZ0iZH04aXMNmaSFxgkEOdo1LGz7rfQqAEiorbn+0+tRzy OK+rwhnqCBlV0F8CJ1yD3gIJDXWOY7vnPxkwx9mQvHtnfRNCOp Q0SAf
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2013 09:16:12 -0000
2013/11/28 Dan Harkins <dharkins@lounge.org> I'm not sure how using a cipher suite with an anonymous (i.e. > unauthenticated) server is "very different from relying on initially > unauthenticated parameters" since with an unauthenticated server > the parameters will not only be initially unauthenticated but always > unauthenticated. > Right; in that case you have no hopes of defending against an active adversay anyway. > And that is not possible with TLS-pwd because the client presents the > set of domain parameter sets and the server picks one. What I got from draft-ietf-tls-pwd-02 is that (in the non-EC case) the server proposes a group in ServerFFPWDParams in the ServerKeyExchange message, and "Upon receipt of the ServerKeyExchange, the client decides whether to support the indicated group or not." Before the server chooses the group for the ServerKeyExchange, all the client sends is the ClientHello, which does not seem to allow the client to present a set of domain parameters. I may have missed something. In any case, if the client presents the domain parameters and the server accepts or rejects, we should have a similar attack the other way around. It's interesting that the fix you suggest for this problem-- "The proper > fix is to allow just a certain fixed (standardized) set of parameters" -- > is what TLS-pwd already does. > It doesn't seem that FFC primes are standardized in draft-ietf-tls-pwd-02. Am I missing something? Bodo
- Re: [TLS] Working Group Last Call for draft-ietf-… Douglas Stebila
- [TLS] Working Group Last Call for draft-ietf-tls-… Joseph Salowey (jsalowey)
- Re: [TLS] Working Group Last Call for draft-ietf-… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… oscar.koeroo
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Peter Sylvester
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Rene Struik
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Rene Struik
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Eric Rescorla
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Joseph Birr-Pixton
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins