Re: [TLS] MITM Attacks on Client Authentication after Resumption

Adam Langley <agl@google.com> Mon, 03 March 2014 22:07 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D60E51A0148 for <tls@ietfa.amsl.com>; Mon, 3 Mar 2014 14:07:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aleCWYM1npOJ for <tls@ietfa.amsl.com>; Mon, 3 Mar 2014 14:07:30 -0800 (PST)
Received: from mail-ve0-x231.google.com (mail-ve0-x231.google.com [IPv6:2607:f8b0:400c:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 620C31A0136 for <tls@ietf.org>; Mon, 3 Mar 2014 14:07:30 -0800 (PST)
Received: by mail-ve0-f177.google.com with SMTP id sa20so4271813veb.36 for <tls@ietf.org>; Mon, 03 Mar 2014 14:07:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=Wcd2U05+p0nq5KRhUsgFyNeTTnxIsGuitobltWjdzzk=; b=hxsoWH1GGIMHNUFC7mNx82enjdFtsunBTpse3dCJX2lJK0cAPHMD4qzhz5eNQ/0I8H i2vrpa6rSuPXfUiDOVLAkumkyNT7vRASk1RNFgNs3B6LqobBqkyKSp7wpZ2VqhHCoWtn nIQ+BsROS3ojby0p9w4/MbG4IU1RIkjMPQgAPdYjTS/OipOTxLuzBcjvWJVGLtttqfCA zmR6YSxbZRcw/0OmrhaL2z2zNMFKGOFbb/O8+2Hgfa4/MWmiMIpjEhj/UB87osBJyS7z esesank7qc4bjfNeW42xZdd0OVXy1voT6EnpNgkJm7xV52ebQlOwKoVXOvJWCC9qb5SA 2nZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Wcd2U05+p0nq5KRhUsgFyNeTTnxIsGuitobltWjdzzk=; b=BohgjmY1fkvIwlf557cbujxiqjV0zgY9UQdCJrnPHkAiCDG6e7pxQJxsCu+iz04c5V +5yi24+mGHLsIu+ZALSIqBvD1tG6tjaQOF4OT9KBX/RosSPm4rD6UpLlyqwvq4NV20Ci eY677VF/MJIkXdAxqE23J9EAqXkN10KFd9QzABDOwkCXW6o0LH+OkSgmTBue5bcOtYq5 4T0JuBT2zk5OzugoHwZ0r2zqIxLpNH+bRhUgGEnXJjTTSZYIlycXFxI5pwV1aKSIXdgO JeeW25aUe4wToKB4X7/1DsAtt+Bvajb2tAkWsJwTKo9zTDwp7HHdlUMCEO/l67/oqqQG s+Iw==
X-Gm-Message-State: ALoCoQkhzKU+Gz2J3y1E7THkzvcJNYwNyfYuzb6ZDXxBzj73dTj4dnJ3ux/MN2ScMUqwbfftgLtxA+eXKCHfn+PsPahQQVOKR4FN3pBQ6VDRU9/9PdxjEUvqm3P0SapMXjRqL90tVUMJV6Q5iizandlRuY5pJN47OVl8Qcl7AsxmYd3DpQ8mTD0EswypX5N0+LaBj0kxrcWN
X-Received: by 10.52.30.230 with SMTP id v6mr1179134vdh.6.1393884446997; Mon, 03 Mar 2014 14:07:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.104.37 with HTTP; Mon, 3 Mar 2014 14:07:05 -0800 (PST)
In-Reply-To: <b38d76f917ce46ca8d673928d35eb76d@BL2PR03MB419.namprd03.prod.outlook.com>
References: <BB2FE60E-A7CA-4EA7-BFC8-AB794EC6FF00@inria.fr> <CF3A5B04.184EE%kenny.paterson@rhul.ac.uk> <E3602DA5-B23A-444D-BBF7-CFE949953C92@inria.fr> <b38d76f917ce46ca8d673928d35eb76d@BL2PR03MB419.namprd03.prod.outlook.com>
From: Adam Langley <agl@google.com>
Date: Mon, 3 Mar 2014 17:07:05 -0500
Message-ID: <CAL9PXLyrU1gSwpUywB7X1WS5wj9eEVT6CL9B8zsNtdcDViBLRg@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/mC-_VFLOqFuNKw3q18b4lUD4QTk
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] MITM Attacks on Client Authentication after Resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2014 22:07:33 -0000

On Mon, Mar 3, 2014 at 4:07 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
> It appears that the attack described is only feasible when two
> implementation defects are present:

That's not an unreasonable characterisation of the renegotiation-based
attacks, but the problem with tls-unique is more fundamental.


Cheers

AGL