Re: [TLS] Another IRINA bug in TLS

Santiago Zanella-Beguelin <santiago@microsoft.com> Sun, 24 May 2015 12:27 UTC

From: Santiago Zanella-Beguelin <santiago@microsoft.com>
To: Tanja Lange <tanja@hyperelliptic.org>
Thread-Topic: [TLS] Another IRINA bug in TLS
Date: Sun, 24 May 2015 12:27:00 +0000
Message-ID: <1432470419547.99826@microsoft.com>
References: <9A043F3CF02CD34C8E74AC1594475C73AB027EED@uxcn10-tdc05.UoA.auckland.ac.nz> <555D90F6.10103@redhat.com> <1432195799.3243.18.camel@redhat.com> <555DBCE6.7080308@redhat.com> <1432206909.3243.45.camel@redhat.com> <555DBF7E.9050807@redhat.com> <1432207863352.27057@microsoft.com> <555DC498.2000109@redhat.com> <1432209104.3243.65.camel@redhat.com> <1432337750554.95436@microsoft.com>,<20150524112039.GU20757@cph.win.tue.nl>
In-Reply-To: <20150524112039.GU20757@cph.win.tue.nl>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/iJWQ-oOSs3iUW7g0wVHejR_C274>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Another IRINA bug in TLS

Hi Tanja,

miTLS-0.8.1 (http://www.mitls.org/downloads/miTLS-0.8.1.tgz) comes with a table (data/dh/dhparams-db.bin) with just one entry for the 2432-bit group used by default. In case you wonder, that group comes from an early version of the negotiated-ff-dhe draft and uses a safe prime.

We have a larger table that includes several common DSA parameters. We got the q values from many sources, including RFCs and factorization with GMP-ECM and CADO-NFS. Our plan is to include that table and utilities to maintain it in the next release of miTLS, but I'm also working on making it available independently.

________________________________________
From: Tanja Lange <tanja@hyperelliptic.org>
Sent: Sunday, May 24, 2015 12:20 PM
To: Santiago Zanella-Beguelin
Cc: Kurt Roeckx; Florian Weimer; tls@ietf.org
Subject: Re: [TLS] Another IRINA bug in TLS

Hi,
> > When is it non-safe but trusted?
>
> When it is in the table of trusted parameters, and hence we know the subgroup order
> (the prime q in DSA terminology). Just to avoid misunderstandings, we clarified
> the formal meaning of "non-safe" earlier in this thread.
>
Do you have an easy pointer to the table? I've poked around a bit in
the online interface but couldn't get to it. Where did you get the
DSA parameters from? RFC 5114?

Thanks
        Tanja
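The group check the exchange above describes (a safe prime needs no table; a non-safe prime is only "trusted" when its subgroup order q is known from a table), written out as an added Python example that is not part of this email or of miTLS. The tiny group parameters, the trusted table and the test keys are constructed for illustration; real tables hold 2048-bit and larger groups.

```python
# Added example (not miTLS code): classify a finite-field DH group as "safe"
# (p = 2q+1 with p and q prime), "non-safe but trusted" (p not a safe prime but
# its subgroup order q is known from a table) or "untrusted", then validate a
# peer public key against the known q so it cannot sit in a small subgroup.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with these bases, probabilistic above."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


# Constructed toy "trusted parameters" table: prime p -> subgroup order q.
# p = 29 = 4*7 + 1 is prime but not a safe prime, so q = 7 must come from the table.
TRUSTED_Q = {29: 7}


def classify_group(p: int, g: int, table=TRUSTED_Q):
    """Return (status, q); q is the subgroup order when known, else None."""
    if not is_probable_prime(p) or not 1 < g < p - 1:
        return ("invalid", None)
    q = (p - 1) // 2
    if is_probable_prime(q) and pow(g, q, p) == 1:
        return ("safe", q)                 # safe prime, g generates the order-q subgroup
    q = table.get(p)
    if q is not None and pow(g, q, p) == 1:
        return ("non-safe but trusted", q)  # q known, and g really has order q
    return ("untrusted", None)              # q unknown: subgroup confinement cannot be ruled out


def validate_peer_public_key(p: int, q: int, y: int) -> bool:
    """Strict check: y must lie strictly inside (1, p-1) and in the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1
```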