Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 12 October 2020 23:42 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Michael D'Errico <mike-list@pobox.com>
CC: TLS List <tls@ietf.org>
Date: Mon, 12 Oct 2020 23:41:59 +0000
Message-ID: <1602546120817.36559@cs.auckland.ac.nz>
References: <8f57527d-efba-4d03-a3e5-f0ee33463d56@www.fastmail.com>, <20201012172852.GA2560734@LK-Perkele-VII>
In-Reply-To: <20201012172852.GA2560734@LK-Perkele-VII>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kTr4G_TalIskPRnEDBfKtXYaqVs>
Subject: Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

Ilari Liusvaara <ilariliusvaara@welho.com> writes:

>The Diffie-Hellman support in TLS 1.2 is severely broken. There is no way to
>use it safely on the client side. This has led to, e.g., all the web browsers
>removing support for it.

It's actually pretty simple: don't use toy key sizes.  Many implementations
were never vulnerable to Logjam et al because they applied the simple measure
of... not using toy key sizes.

>There is no way to ensure that the parameters sent are not totally broken,
>e.g.:

This requires that the server that you're connecting to is malicious.  If
you're connecting to a malicious server then you've got bigger things to worry
about than what they set g to.

>This has led to, e.g., all the web browsers removing support for it.

Because throwing out the baby with the bathwater and jumping on the next shiny
thing that comes along every time someone points out a problem seems to be a
requirement for crypto protocol implementers.

Peter.
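The checks the two posters are arguing over, as an added example that is not code from either of them or from any TLS implementation: a client that receives TLS 1.2 DHE parameters can parse the ServerDHParams structure from the ServerKeyExchange (RFC 5246, three opaque<1..2^16-1> fields) and refuse toy moduli, even or composite p, a p that is not a safe prime (so the subgroup order is unknown), and g or Ys outside [2, p-2]. The 2048-bit floor (`MIN_P_BITS`), the class and function names, and the tiny demo group p = 23, g = 2 are assumptions made for this example; the demo lowers `min_bits` only so the toy values can pass the parser and the group checks.

```python
"""Client-side sanity checks for server-supplied TLS 1.2 DHE parameters.

Added example, not code from either poster. It parses ServerDHParams from a
TLS 1.2 ServerKeyExchange (RFC 5246 section 7.4.3) and rejects parameters a
client should never accept.
"""
import random
from dataclasses import dataclass

MIN_P_BITS = 2048  # assumed policy floor; anything below is a "toy key size"

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


@dataclass
class ServerDHParams:
    p: int   # dh_p
    g: int   # dh_g
    ys: int  # dh_Ys, the server's public value g^x mod p


def parse_server_dh_params(buf: bytes) -> ServerDHParams:
    """Parse dh_p, dh_g, dh_Ys: three opaque<1..2^16-1> fields, big-endian."""
    fields = []
    off = 0
    for _ in range(3):
        if off + 2 > len(buf):
            raise ValueError("truncated ServerDHParams length field")
        n = int.from_bytes(buf[off:off + 2], "big")
        off += 2
        if n == 0 or off + n > len(buf):
            raise ValueError("bad ServerDHParams field length")
        fields.append(int.from_bytes(buf[off:off + n], "big"))
        off += n
    if off != len(buf):
        raise ValueError("trailing bytes after ServerDHParams")
    return ServerDHParams(*fields)


def is_probable_prime(n: int, extra_rounds: int = 16) -> bool:
    """Miller-Rabin: fixed small-prime bases (deterministic below 3.3e24),
    plus random bases for larger n."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    bases = list(_SMALL_PRIMES)
    if n.bit_length() > 64:
        bases += [random.randrange(2, n - 1) for _ in range(extra_rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def check_dh_params(params: ServerDHParams, min_bits: int = MIN_P_BITS) -> list:
    """Return the reasons to reject these parameters; an empty list means accept."""
    p, g, y = params.p, params.g, params.ys
    problems = []
    if p.bit_length() < min_bits:
        problems.append(f"p has only {p.bit_length()} bits, minimum is {min_bits}")
    if p % 2 == 0:
        problems.append("p is even")
    if not 2 <= g <= p - 2:
        problems.append("g outside [2, p-2]")
    if not 2 <= y <= p - 2:
        problems.append("Ys outside [2, p-2]")
    if problems:
        return problems  # cheap checks failed; skip the expensive ones
    if not is_probable_prime(p):
        problems.append("p is not prime")
        return problems
    q = (p - 1) // 2
    if not is_probable_prime(q):
        # Without a known subgroup order the client cannot tell whether Ys
        # lies in a small subgroup, so the range check above proves little.
        problems.append("p is not a safe prime; subgroup order unknown")
        return problems
    # For a safe prime the only elements of order 1 or 2 are 1 and p-1, which
    # the range checks excluded, so Ys has order q or 2q.  If g generates the
    # order-q subgroup, insist that Ys lies in it as well.
    if pow(g, q, p) == 1 and pow(y, q, p) != 1:
        problems.append("Ys is not in the subgroup generated by g")
    return problems


if __name__ == "__main__":
    # Constructed wire sample: p = 23 (safe prime, q = 11), g = 2 (order 11),
    # Ys = 2^7 mod 23 = 13.  min_bits is lowered only for this toy group.
    wire = bytes.fromhex("0001" "17" "0001" "02" "0001" "0d")
    params = parse_server_dh_params(wire)
    print(params, check_dh_params(params, min_bits=5))
    print(check_dh_params(params))  # rejected at the real 2048-bit floor
```

The order of the checks matters: size, parity and range are cheap and catch the obviously broken cases, while the primality tests on p and (p-1)/2 are the expensive part and only run once the cheap checks pass. A non-safe-prime p is rejected outright because, without knowing the subgroup order, the client cannot bound which subgroup Ys lies in.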