Re: [TLS] MITM Attacks on Client Authentication after Resumption

Adam Langley <agl@google.com> Wed, 05 March 2014 13:07 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2298B1A02AD for <tls@ietfa.amsl.com>; Wed, 5 Mar 2014 05:07:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvaS5bniLN1i for <tls@ietfa.amsl.com>; Wed, 5 Mar 2014 05:07:47 -0800 (PST)
Received: from mail-vc0-x235.google.com (mail-vc0-x235.google.com [IPv6:2607:f8b0:400c:c03::235]) by ietfa.amsl.com (Postfix) with ESMTP id EC6B21A0121 for <tls@ietf.org>; Wed, 5 Mar 2014 05:07:46 -0800 (PST)
Received: by mail-vc0-f181.google.com with SMTP id lg15so964879vcb.26 for <tls@ietf.org>; Wed, 05 Mar 2014 05:07:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=iwMXsu62UJNQzSA6kMc9Gppn2xDviNXRBcjAAidlpRc=; b=HoUPYjBmWanWNCJR15U/YuQvtvbKlhw1PD4CgpOONXCtzDC0v3qoG743PQl9x5aTq8 SSZHT/LBhhTCyR/xyZGXEJvkqBMwyaJHyVfOz4rn5gU18AP/z5GjRQuRgTWWVT1mGvWQ HKrdmewujyM+ZQFpWdvvr9eEb1FaLt8SncbOlq6+3y5ejz1Xr40LJ4aJb/HTVI2f8Agp rjF4VLTvWetwPSve7hyD3S4Ok+SUWQlNDbq6LC5Dmo0Xgk8aPOSpsg9AM1Muhqq05D7n Tb7+ZGvmdui2DPZ0D6+qErYohFPqytGh561S1iK6ofJNX/gyA67ju+AbHq3hktRSdr6S Faig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=iwMXsu62UJNQzSA6kMc9Gppn2xDviNXRBcjAAidlpRc=; b=mST1sAYfqvDH0f1k8BMhGD5dZzpWr1f3y3zjjLt5VE1VGfD/0h5wPSQCGFB76JeRRw BRMHOGmH+bdveG6yfjzqHdV51Eoti5ucecNEzSMQpMQTHYliODrARbnhrA4UrXQU/Cfp KFa9nmndvMtnfwXt4+0Azuchr5QPr+XubnVjec3b6QYhCClDH6PVCk8cjLV5J3XmxyhL YGoz6piNL0C8IOPDRt0mqmBVkFo3CwW8sTKoLc0LKqHCnnxHNb/hTOXQPN725t8dJTnp OJNBZMwWFaCXhWLmhK7DXg7DJey+JWslmfDrZs6tIFWpAlQaUs+P1yDBW8RGPqCbTRRV so3A==
X-Gm-Message-State: ALoCoQnioPqk49qRF2FsHZWRbW77a6fknRoaN4CN/HUPlZ9yq8X7bY1j9bI9e1y+aHkEm/whZJgOSScwezwnYy0gXa7rI8zGQkya7mZl5AE8pClSkaw8dIWdD3e7v0GdfdMSM7ZP5UVDk8EeEjhmhFbgaGpsWtAExBCvr+LI61xRlKbWat5wTLJywxkoPOlSh8nFQoWVJjV8
X-Received: by 10.58.45.100 with SMTP id l4mr264516vem.48.1394024863107; Wed, 05 Mar 2014 05:07:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.104.37 with HTTP; Wed, 5 Mar 2014 05:07:22 -0800 (PST)
In-Reply-To: <20140304195610.7AF1F1AC3B@ld9781.wdf.sap.corp>
References: <CAL9PXLy4KM_bqS3biRqOMsZ7j+mA6uu75GqJVmBF9wC98_3aQA@mail.gmail.com> <20140304195610.7AF1F1AC3B@ld9781.wdf.sap.corp>
From: Adam Langley <agl@google.com>
Date: Wed, 5 Mar 2014 08:07:22 -0500
Message-ID: <CAL9PXLzuj0FPeLb79VcAHSSsQzfNsK_U_nzh-jRpuqYV-P5Ktw@mail.gmail.com>
To: "mrex@sap.com" <mrex@sap.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/SrZ5Cl6HoJ87qkg2PNiaRmifjRk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] MITM Attacks on Client Authentication after Resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 13:07:49 -0000

On Tue, Mar 4, 2014 at 2:56 PM, Martin Rex <mrex@sap.com> wrote:
> A while ago I noticed that it was possible to resume a TLS session
> originally established with https://www.google.com/ when proposing
> that session for resumption to https://docs.google.com/ (not using
> any TLS extension here, neither SNI or TLS session tickets).

Yes, both of these services are terminated by the same frontend
machines and they shared a session cache.

Completely unrelated to this matter, you should find that's no longer
the case. Sessions for www.google.com should no longer be resumable
for docs.google.com.


Cheers

AGL