[TLS] Using Warning Alerts to Accommodate Offline Attacks?

Jeffrey Walton <noloader@gmail.com> Thu, 21 May 2015 18:51 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/VnCVKv5nwpCBLo1hrnlFlgLXc7M>

The logjam paper is available at
https://weakdh.org/imperfect-forward-secrecy.pdf.

Note that the authors were successful in exploiting some user agents
because they could send an alert warning to reset the handshake timer.
The timer reset accommodated the offline portion of the attack. Cf.,
page 5.

Is this desired behavior? Or is it a security bug?

Jeff
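Added example, not part of the original post: a small Python simulation of the handshake-timer behaviour described above (an idle timer that any inbound record, warning alerts included, resets) beside a hardened policy that lets only handshake progress reset the timer and caps the whole handshake. The timeouts, limits and event traces are constructed assumptions, not values from the paper.

```python
IDLE_TIMEOUT = 30.0        # seconds to wait for the next record from the peer
HANDSHAKE_DEADLINE = 60.0  # hardened policy: absolute cap on total handshake time
MAX_WARNING_ALERTS = 2     # hardened policy: abort after this many warning alerts

def naive_timer(trace):
    """Behaviour the post describes: every inbound record, including a TLS
    warning alert, resets the idle timer, so a peer that needs extra time
    can keep the handshake open by sending warnings instead of progress."""
    last = 0.0
    for t, kind in trace:
        if t - last > IDLE_TIMEOUT:
            return ("idle_timeout", last + IDLE_TIMEOUT)
        last = t
        if kind == "finished":
            return ("completed", t)
    return ("incomplete", last)

def hardened_timer(trace):
    """Only genuine handshake records reset the idle timer; warning alerts
    are counted but never extend the wait, and an absolute deadline bounds
    the whole handshake regardless of how many records arrive."""
    last, warnings = 0.0, 0
    for t, kind in trace:
        if t > HANDSHAKE_DEADLINE:
            return ("deadline", HANDSHAKE_DEADLINE)
        if t - last > IDLE_TIMEOUT:
            return ("idle_timeout", last + IDLE_TIMEOUT)
        if kind == "warning_alert":
            warnings += 1
            if warnings > MAX_WARNING_ALERTS:
                return ("too_many_warnings", t)
            continue  # a warning is not progress: leave 'last' untouched
        last = t
        if kind == "finished":
            return ("completed", t)
    return ("incomplete", last)

# Constructed traces: (seconds since ClientHello, kind of record received).
NORMAL_TRACE = [(0.0, "handshake"), (0.2, "handshake"), (0.5, "finished")]
STALLED_TRACE = [(0.0, "handshake"), (20.0, "warning_alert"),
                 (40.0, "warning_alert"), (60.0, "warning_alert"),
                 (80.0, "warning_alert"), (95.0, "finished")]

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL_TRACE), ("stalled", STALLED_TRACE)):
        print(name, "naive:", naive_timer(trace), "hardened:", hardened_timer(trace))
```

The stalled trace completes under the naive timer even though real progress arrives only after 95 seconds, while the hardened timer aborts once 30 seconds pass without a handshake record.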