Re: [TLS] PSK in 1.3?

Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 21 October 2014 16:02 UTC

Date: Tue, 21 Oct 2014 16:02:47 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20141021160247.GP19158@mournblade.imrryr.org>
References: <9A043F3CF02CD34C8E74AC1594475C739B9D3EAE@uxcn10-5.UoA.auckland.ac.nz> <96b88d73f776e16e3f5487643fb59a31.squirrel@www.trepanning.net>
In-Reply-To: <96b88d73f776e16e3f5487643fb59a31.squirrel@www.trepanning.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/nICPJkt9ONJS6SDGUyZ5D1r2L20

On Mon, Oct 20, 2014 at 01:34:38PM -0700, Dan Harkins wrote:

> The ciphersuites are _completely oblivious_
> to the type and quality of the credential they use. You can't claim the
> _protocol_ is resistant to dictionary attack if the protocol can be used
> in a manner that makes it susceptible to dictionary attack.

No protocol is resistant to dictionary attack under the above
definition.

In TLS with DHE or ECDHE key agreement, the client's private exponent
may be drawn from the set "eeny, meeny, miny, moe" (suitably
encoded).  The server's secret may be drawn from "Chico, Harpo,
Groucho, Gummo, Zeppo".  Dictionary attack away!

-- 
	Viktor.
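The scenario in the message above, as an added example that is not part of the original post: a toy Diffie-Hellman exchange whose exponents are "suitably encoded" from the two word lists, next to the same exchange with exponents drawn from the whole group. The group parameters, the word-to-exponent encoding and all function names are constructed for illustration only (not a TLS group, not a real implementation); the point it shows is that a passive observer recovers the shared secret by trying four words, and that the identical protocol stops being dictionary-attackable only because the credential gained entropy.

```python
import hashlib
import secrets

# Toy DH group, constructed for illustration only (not a real TLS group).
P = (1 << 61) - 1   # the Mersenne prime 2^61 - 1
G = 5

CLIENT_WORDS = ["eeny", "meeny", "miny", "moe"]
SERVER_WORDS = ["Chico", "Harpo", "Groucho", "Gummo", "Zeppo"]

def encode_secret(word: str) -> int:
    # "Suitably encoded": derive an exponent from a word by hashing it.
    # The weakness is the tiny input set, not the encoding.
    digest = hashlib.sha256(word.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 1

def dh_public(priv: int) -> int:
    return pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)

def handshake(client_priv: int, server_priv: int):
    """Return what an eavesdropper sees (both public values) plus the
    secret the peers derive, so the observer's result can be checked."""
    client_pub, server_pub = dh_public(client_priv), dh_public(server_priv)
    return client_pub, server_pub, dh_shared(client_priv, server_pub)

def weak_handshake():
    # Exponents drawn from the two word lists in the message.
    return handshake(encode_secret(secrets.choice(CLIENT_WORDS)),
                     encode_secret(secrets.choice(SERVER_WORDS)))

def strong_handshake():
    # Same protocol, exponents drawn uniformly from the whole group.
    return handshake(secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1)

def observer_guess(client_pub: int, server_pub: int):
    """Passive observer: re-encode each dictionary word, compare against
    the transmitted client public value, then derive the same secret."""
    for word in CLIENT_WORDS:
        priv = encode_secret(word)
        if dh_public(priv) == client_pub:
            return dh_shared(priv, server_pub)
    return None   # dictionary exhausted without a match

if __name__ == "__main__":
    cpub, spub, secret = weak_handshake()
    print("weak exponents, secret recovered:", observer_guess(cpub, spub) == secret)
    cpub, spub, secret = strong_handshake()
    print("strong exponents, secret recovered:", observer_guess(cpub, spub) == secret)
```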