Re: [TLS] Another IRINA bug in TLS

Santiago Zanella-Beguelin <santiago@microsoft.com> Thu, 21 May 2015 13:42 UTC

From: Santiago Zanella-Beguelin <santiago@microsoft.com>
To: Aaron Zauner <azet@azet.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/bXnB9YgnIDHyhqDNH8ghpLF6ypE>
Cc: Florian Weimer <fweimer@redhat.com>, "tls@ietf.org" <tls@ietf.org>

Non-safe primes can be generated using OpenSSL dhparam with the -dsaparam flag, e.g. openssl dhparam -dsaparam 2048

They are still very common. In a recent full IPv4 scan on port 443, we found 1.7M hosts using non-safe primes against 8.42M using safe primes.

By far, the most common non-safe prime appears to come from hosts using Amazon EC2; around 321K hosts authenticating with browser-trusted certificates use it.

________________________________________
From: Aaron Zauner <azet@azet.org>
Sent: Thursday, May 21, 2015 2:27 PM
To: Santiago Zanella-Beguelin
Cc: Nikos Mavrogiannopoulos; Florian Weimer; tls@ietf.org
Subject: Re: [TLS] Another IRINA bug in TLS

Hi,

Santiago Zanella-Beguelin wrote:
>> Well, you assume that the so-called "safe primes" are universally
>> used, which is not really the case. Expecting all servers sending
>> these parameters wouldn't really work.
>
> Yes, non-safe primes should be first deprecated.
>

I'm curious: what are instances where unsafe primes are still used,
generated and distributed for use in TLS? Hence where do we need to
deprecate?

Thanks,
Aaron