Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Bodo Moeller <bmoeller@acm.org> Wed, 27 November 2013 22:31 UTC

Dan Harkins:


>   That said, the issue you bring up remains since it is also possible to
> just send the complete domain parameter set. But this is how TLS handles
> discrete logarithm-style cryptographic parameter negotiation. So this
> issue applies to every TLS cipher suite that provides for some kind of
> exchange using discrete logarithm cryptography, including all of the
> ones with DH in the key exchange-- i.e. DHE, ECDH, ECDHE, etc. This
> "full flexibility" issue sounds more like something for TLSv1.3 than for
> TLS-pwd.
>

While parameter negotiation does look like that for TLS DHE ciphersuites,
that's actually a very different issue, because there these groups are used
differently: either parameters are authenticated (signed by the server's
public key from the server cert) or the server is entirely anonymous.  This
is very different from relying on initially unauthenticated parameters for
a password-authenticated key exchange, where the security issues that I
described come up.

Bodo