Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
Bodo Moeller <bmoeller@acm.org> Thu, 28 November 2013 09:09 UTC
Return-Path: <SRS0=uCA0=VF=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4E831AD6D1 for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 01:09:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.93
X-Spam-Level:
X-Spam-Status: No, score=-0.93 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LkbX_iVSOHTm for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 01:09:35 -0800 (PST)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.9]) by ietfa.amsl.com (Postfix) with ESMTP id 38AD51AC49D for <tls@ietf.org>; Thu, 28 Nov 2013 01:09:35 -0800 (PST)
Received: from mail-oa0-f43.google.com (mail-oa0-f43.google.com [209.85.219.43]) by mrelayeu.kundenserver.de (node=mrbap4) with ESMTP (Nemesis) id 0Lzrgx-1VYCJq2rD9-0154Ol; Thu, 28 Nov 2013 10:09:34 +0100
Received: by mail-oa0-f43.google.com with SMTP id i7so8903798oag.30 for <tls@ietf.org>; Thu, 28 Nov 2013 01:09:32 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=/ShS4T3DlbFjjwFUeHCnTjNKth1TCV6+b9JqIKGjouc=; b=jf3iuWwmKSb7Q8eEYn7qAqJqQ6zUx8GPS43XnFLhO2/+Xrx1OJ5NYDQ9rPSMvzOo56 e7uT1RDtx/nmF5sebRtWPmO4scl3lgOuY9cWpLLY5EqBG/I2Lgjkd6IxrJfyvWn/EtyM Q0RkNYpCagOZwERgu0Qy16oBsTJR3TuMQ+n3PfLF8W9FXAB8yUpxooVIp7zsq41wIpOY 3JXs2k59fDoyXNWVPbUdmmuU/FtJPD1PqgE1anKm4ecSxAXcYYbfcYZQLdnKj0A/WGHc GpKLdXJfT652D5qvIUeew8rE+t3wmn6M6RI1cf4cXkNEAKFaKCZQeUn8w6cTjLvXKJB2 Wwjw==
MIME-Version: 1.0
X-Received: by 10.182.16.33 with SMTP id c1mr7015363obd.4.1385629772382; Thu, 28 Nov 2013 01:09:32 -0800 (PST)
Received: by 10.60.137.194 with HTTP; Thu, 28 Nov 2013 01:09:32 -0800 (PST)
In-Reply-To: <5296F9A5.9050807@edelweb.fr>
References: <3065D910-832C-47B6-9E0B-2F8DCD2657D2@cisco.com> <9CD5611C-2742-435D-8832-9F85448591BA@qut.edu.au> <CADMpkcJ3wO_GMsSH33B8fQKnnr=nAUdU58bwSkks4ERF9ccAJw@mail.gmail.com> <CADMpkc+YAhDNwTk-6XsnUAscPnb7byStTE09e86L-gYhqn6L9Q@mail.gmail.com> <5296F9A5.9050807@edelweb.fr>
Date: Thu, 28 Nov 2013 10:09:32 +0100
Message-ID: <CADMpkcLCm=ONtzu9Wf1tXMr9jeKSeyGEfBXrwU4dO8qzmc+TQg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="f46d04479f935f8b8f04ec3912c4"
X-Provags-ID: V02:K0:lplPP3Uwpyp5G8Ex6SpSapU59TGpuPcuuyq/frrCPa+ 58n4g3lhlHnvlj5LWD/3KlNFaHlxzS1x/31PNU4fM/MXj+y5Rt +kH/PsTjslIoNqlpcY4ccfMl/WR5Q7shW/AJ0azmkrGIlTrl5P f2rGwQdZhprnyzTWIFUjinCiXdk5kYioVN7o25xCDxXvnlvt67 Sd+nADlamLoPd6i2rUEnjFy420h+M6R9qjb133+ke640KDLB9c 6n0toOSWQaqnE/exzWq77ZKYWG/e1HpIWRodUQE045ZMjacUym UMJvtJNGiG858lJHhfbWHRWxav8XZg07viIl3IGXvRiiNYyXE8 7AKcwAk8sYWw0QPhmqjpgnUJdDTUY4s81yfwGLbeOsgyWT/qCr MjA9egTetEM8W9xRQeovqBdHwix4tE1qMkDkQAsRX9XSNAHe7G lDXF4
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2013 09:16:04 -0000
Peter Sylvester <peter.sylvester@edelweb.fr>: The server's ability to send arbitrary values for negotiation does not mean > that the client blindly accepts them. > In the SRP code of OpenSSL for example, by default, the client accepts > only a few groups, the one's from the RFC > That works, of course. The TLS-SRP RFC says that "Because of the difficulty of checking for [trapdoor] primes in real time, clients SHOULD only accept group parameters that come from a trusted source, such as those listed in Appendix A, or parameters configured locally by a trusted administrator." (Language added as of draft-ietf-tls-srp-09, after I'd presented the attack idea.) draft-ietf-tls-pwd-02 does not appear to have a similar provision. If there are no standardized primes that you can rely on for interoperability, there's the danger that implementations might do what the specification appears to suggest, which is to do the same checks they'd be doing to validate parameters for a DH key exchange. (This is useful as a sanity check to prevent certain types of severely broken implementations from getting deployed, but it is not sufficient to protect against malicious parties.) Bodo
- Re: [TLS] Working Group Last Call for draft-ietf-… Douglas Stebila
- [TLS] Working Group Last Call for draft-ietf-tls-… Joseph Salowey (jsalowey)
- Re: [TLS] Working Group Last Call for draft-ietf-… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Love Hörnquist Åstrand
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… oscar.koeroo
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Peter Sylvester
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Rene Struik
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Rene Struik
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Eric Rescorla
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
- Re: [TLS] Working Group Last Call for draft-ietf-… Robert Ransom
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Mohamad Badra
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… SeongHan Shin
- Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… CodesInChaos
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Joseph Birr-Pixton
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Manuel Pégourié-Gonnard
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Trevor Perrin
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins
- Re: [TLS] Working Group Last Call for draft-ietf-… Ralf Skyper Kaiser
- Re: [TLS] Working Group Last Call for draft-ietf-… Dan Harkins