IETF Logo Mail Archive

Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites

"Dan Harkins" <dharkins@lounge.org> Mon, 04 April 2016 18:23 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 996EC12D159 for <tls@ietfa.amsl.com>; Mon, 4 Apr 2016 11:23:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YDuCviO_Zv_M for <tls@ietfa.amsl.com>; Mon, 4 Apr 2016 11:23:35 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 02FCC12D0B9 for <tls@ietf.org>; Mon, 4 Apr 2016 11:23:35 -0700 (PDT)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 91E081022404C; Mon, 4 Apr 2016 11:23:34 -0700 (PDT)
Received: from 31.133.176.131 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 4 Apr 2016 11:23:34 -0700 (PDT)
Message-ID: <b03c36aa568e27b2728e01b363b4dadc.squirrel@www.trepanning.net>
In-Reply-To: <CAPofZaH+S3vpUC_XD4WGKfzJRUULdG3P0b=MKtoTqU-iq+qg2w@mail.gmail.com>
References: <20DDE657-E1A9-4705-936D-40673294C4EB@sn3rd.com> <56FD2A0A.1050607@gmx.net> <56FD4A42.2080100@akamai.com> <56FD4E32.5060409@gmx.net> <56FD55E3.9060605@akamai.com> <56FD599D.2040206@gmx.net> <56FD5B00.3090007@akamai.com> <ca13e48abd8042c38bc2116bd5574f85@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD5CFC.8090508@gmx.net> <9ed6f4205baf4602857b3c4539fc1941@usma1ex-dag1mb1.msg.corp.akamai.com> <56FD610F.10301@gmx.net> <56FD63B0.2070205@cs.tcd.ie> <1640361f86795f7c3117d9c25be91a72.squirrel@www.trepanning.net> <CACsn0cmM+YTkPKf-nbqgyq=GdG=8M7i+Jq1a-kx77C9CbWCwqg@mail.gmail.com> <fa7284ff7f22aa724fbdc7122707c0e3.squirrel@www.trepanning.net> <CAPofZaGYpMEiJGz=kFJwfYGPJ433JhcEhLzBky9pi+0RwceeqQ@mail.gmail.com> <1c1246d3be495728863f1633691e4a53.squirrel@www.trepanning.net> <CAPofZaH+S3vpUC_XD4WGKfzJRUULdG3P0b=MKtoTqU-iq+qg2w@mail.gmail.com>
Date: Mon, 04 Apr 2016 11:23:34 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Phil Lello <phil@dunlop-lello.uk>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/SiRXgyetldoFOx4tQrr5skGr5pY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] call for consensus: changes to IANA registry rules for cipher suites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 18:23:36 -0000


On Mon, April 4, 2016 10:46 am, Phil Lello wrote:
>>
>> >> Usually what happens is the server generates a self-signed
>> certificate
>> >> and the apps are given some "username" and "password" and the app
>> >> ignores the unauthenticated nature of the TLS connection and sends
>> >> the u/p credential on through.
>> >
>> > Isn't this use case more of an argument for an updated auth-digest to
>> use
>> > something better than MD5? I'm not convinced MITM is a real concern
>> for a
>> > typical IoT environment (however that's defined - I'm assuming http in
>> a
>> > domestic environment).
>>
>>   First of all, what makes you think it's MD5 digest and not just
>> plaintext? And updated by whom? These are ad hoc constructions done
>> because the alternative is too onerous.
>>
>
> I didn't say that. I was suggesting using a standard HTTP digest mechanism
> rather than sending a plaintext username/password. The IETF has already
> updated HTTP digest, so there's no work.
>
>>
>>   As someone who has stolen wi-fi from the apt next door that was
>> protected by a PSK I would say that doing a dictionary attack in
>> a "domestic environment" is entirely plausible. If I have to do a
>> soft AP advertising the neighbor's SSID in order to lure a set-top
>> box or thermostat or whatever to connect to me then that's a very
>> low bar.
>>
>
> Whilst you have my sympathy, I don't see how that's relevant; a dictionary
> attack can be used just as easily against a TLS protected resource.
> Securing the WiFi configuration so that devices connect to the correct one
> is not a TLS issue.

  I'm not asking for sympathy. I'm pointing out that your proposal
does not work.

  Mentioning the ease at which one can launch a dictionary attack
(regardless of the protocol) is relevant because you're proposing to
use a technique that is susceptible to dictionary attack (presumably,
but not necessarily, after misusing a certificate). As I mentioned, to
support this kind of use case I favor using a TLS cipher suite that
supports a PAKE  (draft-ietf-tls-pwd-07, for example). Using such a
cipher suite would mean that a dictionary attack cannot "be used just
as easily against a TLS protected resource."

  regards,

  Dan.

v2.23.0 | Report a Bug | By Email