IETF Logo Mail Archive

Re: [TLS] [EXT] Re: Deprecating Static DH certificates in the obsolete key exchange document

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 21 April 2024 21:27 UTC

Return-Path: <prvs=6841278fae=uri@ll.mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A162C14F5F5 for <tls@ietfa.amsl.com>; Sun, 21 Apr 2024 14:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.196
X-Spam-Level:
X-Spam-Status: No, score=-4.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id COWSSVonyUWm for <tls@ietfa.amsl.com>; Sun, 21 Apr 2024 14:27:00 -0700 (PDT)
Received: from MX2.LL.MIT.EDU (mx2.ll.mit.edu [129.55.12.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B5CAC14F5EB for <tls@ietf.org>; Sun, 21 Apr 2024 14:26:59 -0700 (PDT)
Received: from LLEX2019-2.mitll.ad.local (llex2019-2.llan.ll.mit.edu [172.25.4.124]) by MX2.LL.MIT.EDU (8.17.1.19/8.17.1.19) with ESMTPS id 43LLPVYt229361 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <tls@ietf.org>; Sun, 21 Apr 2024 17:25:31 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=D0fOwF68ZKNVlUJ4AHi5x9vu4c86kDdpGXoZ/iP50EageQNCsfzJf/u8I45X1IjRRqqJxH59JWzzvDaqaMCG3XlfQKz0+WJ99cabVUcbcX2hZLR9GCc2SWZQVHTr3ZTVxb+E6KZ8C96VMKrCQ/uJruvhHptsaRj2EnsXAIvy3LE52TREOAujgBltuuCjSrgaGNH1NqwFHaXnE6RY2JchEaPtHGLGsxypO8cNZ9n9b8MEfaQpzjBB+ZYc1mmUluvLJRvJYXydPfkm6pcg+4cKI5cbYxq/DHiewxuxlX6Km/uhVOXjTMfd8CKd+eFG1tJe3pqCFJ2BA1BiKUXOzXjvbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8ze5NLEJz0i8JQIwAC93gj+yIpd3/lr5nZlHQTEyhbs=; b=BKgMS/md69RU2zJ3D32Hf0jxmIaj5cbln9CiGSn4gsgBn6fU5y3ZKsJa1PTZ7je1mo5BmSWaTcZ3wUojYsC0SDC9ZahTTjN9962+46qtgtJppSXtwtkC/UUBRcKZb/MZJmp0dFuk44CQpSsEQe50kT81L+n7HxtNyNYdYPCuWHKymMkS7u75cSBkTlyAuYZE6UhQZ7OxVf7/EHUcByE9pq+X4kn0Bn3z18hFe2lTCxZjPvvMerOCSiHG8kEzammt8dYuB4q+gFprbKJEaXZmTB82L9BMGzqdSYBwLoh4uaEbQRVoEBL+H05LfvBzWWgQF8xsvsFl2giMLti2GcrypA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [EXT] Re: [TLS] Deprecating Static DH certificates in the obsolete key exchange document
Thread-Index: AQHaktkl35TMW6xv4kSC51njaTcVQ7FzB8IAgAA2Ci0=
Date: Sun, 21 Apr 2024 21:26:56 +0000
Message-ID: <BN0P110MB1419089AB59181ADDD061DB59013A@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM>
References: <CAOgPGoBBq-SBb4N1b0VCyUxMytbgRCoGWOQug-XJAKSYh6Ezag@mail.gmail.com> <CAOp4FwTOOqaM9=qbGY3ggZ=zJ0M9QBK+ZSA4jvrRx45QuY5Yrw@mail.gmail.com> <ME0P300MB0713FAEDDEB374F45F8B41C8EE0C2@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <ZiVVzrToTdpoPjJ7@chardros.imrryr.org>
In-Reply-To: <ZiVVzrToTdpoPjJ7@chardros.imrryr.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0P110MB1419:EE_|BN0P110MB1127:EE_
x-ms-office365-filtering-correlation-id: 8a522b3c-d0c6-495d-3429-08dc6249c55b
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 8qrF/oHj8XDjwWdIm2hX911SSrjloC8uhkJh3URQokaTIS839nKs+llG4K+bdzgM69q4quoIpW0slRT11W2HDqjwhWdCX3xfo7A3tu7fW/ahasLF9lo28K+mYXMIhCSt5t/PHO8QteDHOc3bqFDORMH5ps64Enn4Fvy+vWM6KsCdAz8pXXOKmHeuf8A7tKHvKbcYAW/1AHAhtQstvsn034ajn5DRJwIK/jJIUMwS3wJYua9LkU8gxV+LafbWq02ZSNePI3qR2rMtELxQmjT1OImtE1AApTUGXYoiCNZua4YV8jO1YSoJPYKFPMB0+vHi3t1nOBXmkKY+kK3DO22GHVNHKN6I7jBHkQgGbVhWpHBncBx8A5/5QB4gUJlx0FyhDJjMRh2GvPJYNNDY6fEJZ4qjx0g06dipb4PHMp0/B8ptmvPiRa8Ee30s1MRnnLWerxkZbF9/ramXAC9/iWq3nsyE4YDuuDLF8C/V++WP4LbclP8NS+eR4xhmiAl/hs2XEFiqNjc2M3oppUQgYYNbCDSiUP9PqaYOrueYx83jfqJX9/qhnvMAbsB3ha8oKe63R6j04uXpqMcU/JM7dQ0UxvfIWeHz+XCTkGRNiixFmBIfZUEckGQvWi+r5gG7d55a3lbMFfR3dvi3p4n1Lgu3YQcLQMR2i6i1zk0u8V4ZUxZWEcIbgzy4BXfFI7zc9z4c33K0IxIOPYmFtQ3HHk2ql1P/JdNXeOJ+jQlAaVUuIsBSW3/EVOrv0psFxlaRulgXzY8uokc9070R4/RQby5KB9BzvwhafRD0PvEd3Fo8VVjyT8xVEjS88W6c68g5ZnDJaOOFWDiM16D3XQUr4SJIiZw5MQ8dhPdKUMybVN0FV8jZ0YCjLRcnyqafb6mvNXjOFg6bMP6dwpOSuRJKz2FCFaweKPVi05nsKJhywCW03IjzIh30V74wBhXlAt4NpqlMJNPcmZe+GeFFPWM7cPkFkjtfsCbSqG9UMERV0WjA+n2iiHFpXBDbGLG7ZmDBf2sp3Rjv+G9Kii/8CsaqfVgh5rkACFmiIutheE3lKOEsidN2GeBy9RPro7ZYc/MnDkobv8XrKZMUJTeJjE0pV+zleVxOSp8x2TlkoIdPo3VnYv8faco/95X3lPcNtijUz4hCGW17vpwSyeye0Yez6YnM0/joiuelS0yeiKvtexDOSCqxKUvEOo6gq21pQU7rjRqc2Ehr7mcp18dK3K4HY8/hvytv70Wgh31bx9hNtNjhCbhawLTr/F1jV3xE9KURtNnoA9jPq2GMoy1LLE3/Q3FWZw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(366007)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Vd5A3jFqZbprEJWEyc6KplNkEykIGqUNQWwtCbl6MV22qjUNSr6MFpGH0MRmLfP6SIOUpCjnI2AQD23S7TftO3I/RpDK9W7W27qgnbCkQyIOP5kLsi3YkAZ26vR//uEKRfiMQFhAhy3YCn6ahxHZyrzhMENEbNsTyJ97XkkuUuKOnvo6o0DZZv44OVKzCh4RG91P8oIZLikhOfcZNDtyY9JK9H7rS7xElwRuNHyK8KHPsN0qrDgit3WVWRpdEoShuUx1DZO3R4I7uxQ2oOWNbLAxMPS6kB0E46WE1jvElwPp+TdYoIWMmqsTR+GQ06ulzbqRXjkaHJERuW/snftUWeX0Z4A7x3lwqQ0spBCwhvA7J5A5NYioBhPuVZS6W5eN40rC/lLEyiEtWfGl4gQKDx9NNEIyqVMXk+yuXnmJukwzN89qMkIK7rayHkgDMIvOc74U87kjs6PhXyMzaGprNUSiBW6t9zTSPVYGZbrhUYViXZm21Vhw9Py86+nLz9uprwAj/l9nHHMRxOdRoQV97fMYtbRcLLuJ3zaQvfdsmuHm40TWAaYHYQX81SnD1VJ57pyjykVFmntRv6h5mkD/YPigF5806uTJ8suVr9XF5eU/6G9LIZQOcoAVmj6uyW06FgdEPPH7QXgLHQKHQ4dpAbjoaUlQWZ8BGIKg+Fc84xnJ/uRXlJlpgSkn6h5Ck+te8IdQIuoeJF+ur8vE4WbkC48rDnm8SRjRO1rgCUY6t6Sxbtm2Y5PUS/PQoy6utg3svozd43/TUlrZ0HKU/f4Bi0HWhuY/PfR2ShFUobqcWQZZD4LqIrGVlZmT9rQxSgL9va7ApTNtTCKWlldMcSuifJHCTr9BrEQovG6bTHn8OwMijNkcBK0HTqgpt2MXPRFrjmhZB5PIH56obItI1upxEYRlOCfZbk+7bmCpvydC59F/W8rI628iGN/WexXs66uXs+Y9xZggULZTJmIXx9LAyQaylB8cE1R4XTXzYJ09txS54PAAp8Xi1P5Uh0xPeKT1HGd2pZ98+ZktH0pV/+VleJyHtQm/NuGemNIRSvU1QkLz7jgXUGClsdjZC2r+dRyU1t63XIfpC03oAMEcnFWsHuLY/5SgCcJaexdtbWY7pJCHWuWFtpg4YOdfeRg7yjqZa3euoqMfH5FnmlNscYYuSq20mmHa80klfjmIbA4lJvTjDOZPpquWS82cOb70TXhk8gGuTrYAKcnJ4xdYNli1XYCR4wzAgu9+cbxCPuJKDpWkf6hSuROQzhzNgHeRH1ySP2hrXSCi/uL4ml6naIoDVMmS8FR7G9UhOzZKpQd5BlVwp5W2Lf0ZnXU1i1JnambkE2zpP4UMds+BMq3XgMrlKduP/jPCnE045bxtOD+zzP2SE1HvD9YnS4xjbXLXpdpMlPACPfGlYuP304pa23XVM7mum8NYPsLtCgsdBmnj8ol2Yx2zwe081nXROlG5FKuuTe88uG9dreaiGReorxzwOvjqCHUHK97rY+4p1B9YTVpN9sStTVNj1m5LyVYPAJrv
Content-Type: multipart/alternative; boundary="_000_BN0P110MB1419089AB59181ADDD061DB59013ABN0P110MB1419NAMP_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 8a522b3c-d0c6-495d-3429-08dc6249c55b
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Apr 2024 21:26:56.2369 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1127
X-Proofpoint-GUID: VRcCBYNElI2H69SNWji6EaPXn0BXt9te
X-Proofpoint-ORIG-GUID: VRcCBYNElI2H69SNWji6EaPXn0BXt9te
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-21_20,2024-04-19_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 mlxlogscore=999 spamscore=0 phishscore=0 bulkscore=0 malwarescore=0 suspectscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2404010000 definitions=main-2404210131
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Uu18n_33jGCjK6aBuRsz2vbDvCI>
Subject: Re: [TLS] [EXT] Re: Deprecating Static DH certificates in the obsolete key exchange document
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Apr 2024 21:27:05 -0000

I see two possibilities:


  1.  Nobody in the real world employs static DH anymore – in which case this draft is useless/pointless; or
  2.  On private networks people employ static DH to implicitly authenticate their peers (a-lá MQV) – in which case this draft is harmful.

Overall, I’m amazed by drafts like this one. Is nothing constructive remains out there to spend time and efforts on?
--
V/R,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare


From: TLS <tls-bounces@ietf.org> on behalf of Viktor Dukhovni <ietf-dane@dukhovni.org>
Date: Sunday, April 21, 2024 at 14:07
To: tls@ietf.org <tls@ietf.org>
Subject: [EXT] Re: [TLS] Deprecating Static DH certificates in the obsolete key exchange document
!-------------------------------------------------------------------|
  This Message Is From an External Sender
  This message came from outside the Laboratory.
|-------------------------------------------------------------------!

On Sat, Apr 20, 2024 at 04:12:48AM +0000, Peter Gutmann wrote:

> I realise that absence of evidence != evidence of absence, but in response to
> my previous request for anyone who has such a thing to comment on it, and even
> better to send me a sample so I can see one, no-one has mentioned, or
> produced, even one example of "a legitimate CA-issued [static-epmeheral DH
> certificate] rather than something someone ran up in their basement for fun".
>
> So is the draft busy deprecating unicorns and jackalopes?  Nothing against
> that, but it's probably worth adding a note that such certificates are
> currently not known to exist so you probably don't have to worry about it too
> much.

Can't say I've seen any static DH certificates in the wild, but
I have seen code to support these, and perhaps the point is to
bless deprecating/disabling/removing such code?

In any case, this feels like cosmetic cleanup, rather than an
effort to migrate a significant population of existing users
to better practice.

--
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email