Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Bodo Moeller <bmoeller@acm.org> Thu, 28 November 2013 09:09 UTC

In-Reply-To: <5296F9A5.9050807@edelweb.fr>
References: <3065D910-832C-47B6-9E0B-2F8DCD2657D2@cisco.com> <9CD5611C-2742-435D-8832-9F85448591BA@qut.edu.au> <CADMpkcJ3wO_GMsSH33B8fQKnnr=nAUdU58bwSkks4ERF9ccAJw@mail.gmail.com> <CADMpkc+YAhDNwTk-6XsnUAscPnb7byStTE09e86L-gYhqn6L9Q@mail.gmail.com> <5296F9A5.9050807@edelweb.fr>
Date: Thu, 28 Nov 2013 10:09:32 +0100
Message-ID: <CADMpkcLCm=ONtzu9Wf1tXMr9jeKSeyGEfBXrwU4dO8qzmc+TQg@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: "tls@ietf.org" <tls@ietf.org>

Peter Sylvester <peter.sylvester@edelweb.fr>:

> The server's ability to send arbitrary values for negotiation does not mean
> that the client blindly accepts them.
>
> In the SRP code of OpenSSL for example, by default, the client accepts
> only a few groups, the ones from the RFC

That works, of course.  The TLS-SRP RFC says that "Because of the
difficulty of checking for [trapdoor] primes in real time, clients SHOULD
only accept group parameters that come from a trusted source, such as those
listed in Appendix A, or parameters configured locally by a trusted
administrator."  (Language added as of draft-ietf-tls-srp-09, after I'd
presented the attack idea.)

draft-ietf-tls-pwd-02 does not appear to have a similar provision.  If
there are no standardized primes that you can rely on for interoperability,
there's the danger that implementations might do what the specification
appears to suggest, which is to do the same checks they'd be doing to
validate parameters for a DH key exchange.  (This is useful as a sanity
check to prevent certain types of severely broken implementations from
getting deployed, but it is not sufficient to protect against malicious
parties.)

Bodo
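As an added illustration of the distinction drawn in this message (example code, not from the message, from OpenSSL or from any TLS-SRP implementation): a client-side acceptance routine with two layers. The first layer is the DH-style parameter sanity check the message refers to (size, primality, safe prime, generator range). The second layer is the provision quoted from the TLS-SRP RFC: accept only groups that come from a trusted source. The trusted set here holds only the 1024-bit group from RFC 5054 Appendix A (a real deployment would load all Appendix A groups plus any configured locally). The function names, the `min_bits` threshold and the `TRUSTED_GROUPS` set are assumptions of this example; the composite "prime" is constructed. The 1024-bit MODP group from RFC 2409 is used as a group that is mathematically sound and passes every sanity check, yet is refused because this client was never configured to trust it; a prime chosen by a malicious server to be weak is refused in exactly the same way, whereas the sanity checks alone could not tell it apart from a good one.

```python
"""Client-side validation of a server-supplied (N, g) group for SRP/DH.

Added example; not code from the message, from OpenSSL or from any TLS-SRP
implementation.  Two layers:
  1. dh_sanity_check(): what a DH implementation would check anyway.  These
     tests catch severely broken parameters but cannot detect a deliberately
     weak ("trapdoor") prime, which is well-formed by construction.
  2. accept_group(): on top of (1), accept only groups from a trusted source
     (RFC 5054 Appendix A or local configuration), as the RFC recommends.
"""
import random


def _hex(s: str) -> int:
    """Parse a hex constant laid out RFC-style (whitespace separated)."""
    return int("".join(s.split()), 16)


# 1024-bit SRP group (N, g) from RFC 5054 Appendix A.
RFC5054_1024 = (_hex("""
    EEAF0AB9 ADB38DD6 9C33F80A FA8FC5E8 60726187 75FF3C0B 9EA2314C
    9C256576 D674DF74 96EA81D3 383B4813 D692C6E0 E0D5D8E2 50B98BE4
    8E495C1D 6089DAD1 5DC7D7B4 6154D6B6 CE8EF4AD 69B15D49 82559B29
    7BCF1885 C529F566 660E57EC 68EDBC3C 05726CC0 2FD4CBF4 976EAA9A
    FD5138FE 8376435B 9FC61D2F C0EB06E3"""), 2)

# 1024-bit MODP group from RFC 2409 (Oakley group 2): a sound safe prime that
# this example client has NOT been configured to trust for SRP.
MODP_1024 = (_hex("""
    FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
    020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
    4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
    EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"""), 2)

# Assumed trust store: the RFC group(s) plus anything a trusted administrator
# configured locally.  This example trusts a single group.
TRUSTED_GROUPS = {RFC5054_1024}


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # witness of compositeness found
    return True


def dh_sanity_check(p: int, g: int, min_bits: int = 1024):
    """DH-style parameter checks.  Returns (True, "ok") or (False, reason).

    Every reason below is a defect a broken implementation might ship.  None
    of them is the trapdoor case: a maliciously generated safe prime passes."""
    if p.bit_length() < min_bits:
        return False, f"p is only {p.bit_length()} bits (minimum {min_bits})"
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "p is not prime"
    if not is_probable_prime((p - 1) // 2):
        return False, "p is not a safe prime ((p-1)/2 is composite)"
    if not 1 < g < p - 1:
        return False, "g outside (1, p-1), so g has order 1 or 2"
    return True, "ok"


def generates_full_group(p: int, g: int) -> bool:
    """SRP additionally requires g to generate all of Z_p^*, i.e. g^q == -1 (mod p)
    for q = (p-1)/2.  Like the checks above, this is satisfied by any
    well-formed group a malicious server chooses, so it is no substitute for
    the trusted-source rule."""
    return pow(g, (p - 1) // 2, p) == p - 1


def accept_group(p: int, g: int, trusted=TRUSTED_GROUPS, min_bits: int = 1024):
    """Accept (p, g) only if it is well-formed AND comes from a trusted source."""
    ok, why = dh_sanity_check(p, g, min_bits)
    if not ok:
        return False, "sanity check failed: " + why
    if (p, g) not in trusted:
        return False, "group not from a trusted source (RFC Appendix A or local config)"
    return True, "ok"


if __name__ == "__main__":
    # Constructed cases: the RFC group, a well-formed but untrusted group, and
    # an obviously broken one (2**1024 - 1 is divisible by 3).
    cases = [("RFC 5054 1024-bit", RFC5054_1024),
             ("RFC 2409 MODP-1024", MODP_1024),
             ("composite p", (2 ** 1024 - 1, 2))]
    for name, (p, g) in cases:
        print(f"{name:20s} sanity={dh_sanity_check(p, g)!s:60s} accept={accept_group(p, g)}")
```

Trust membership is decided by exact equality of the `(N, g)` pair, so a server cannot gain anything by presenting a group that is "almost" the RFC one. The order of the two layers is deliberate: the sanity check runs first so that a broken group is reported as broken rather than merely as untrusted, but it is the second layer that provides the protection the message is about.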