Re: [TLS] [EXTERNAL] Explicit curve parameters in Server Key Exchange messages

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 17 January 2020 18:13 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37BE6120025 for <tls@ietfa.amsl.com>; Fri, 17 Jan 2020 10:13:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0t3DWFjzP1mN for <tls@ietfa.amsl.com>; Fri, 17 Jan 2020 10:13:16 -0800 (PST)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640104.outbound.protection.outlook.com [40.107.64.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2349512007C for <tls@ietf.org>; Fri, 17 Jan 2020 10:13:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=euWUY/PpJAxZ3cwmFcCPbxv8EuI73okhgDw2VArekudg5+zGUyQf3WhhUqia2GoZKsaJ7fK8lYQZOC5jbFB2usk8zVLaiVVWQ1GZ1AakXAgWYA6xLb3/C96gwBzWVOcc72I1Ywj5HcsMKo63YpZVZsrXxrgnFcSJeVh29VqRPR41EbgO5gTj4uA25Yz+F1uaRuPQIER8YdXexjf6yZlkuMXsL92DdeJ3KrPws3I3TECIRIbH4vuGHoWEQ19jt5kddYT2jTp/vyNTAFkp4zKtJ/a9aebYTXoeXo6iu9ke19GPnudz0OA9omLX3BPU0aI1kl7klMMD5VsmEtMB/t1ODQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0qBgdqFbJtXp3bd1X2crgo/RyRycXm0S+EmLDtheeTg=; b=ArPXz2FNVOpO6tStD5j80MIdaRNX9x1p2ntcMmQrdD4suQfmlm/itrhnOj6KslhRSzvQLJMMUnWI6odpAgGIBEGAHd47AkkxjkC+4ZygORajsu0Q/Vf6x16Ws6GrsxvyvnZzoT2JehG4SmM5UVvp4jjs8Clf3f1OoA14qx8gDUcUkp4tBjOKphTYP+tHkZySkCykrS6kJZfbwE8PCp6t35dGrkX9ONNZoi/63R6QeEIFMRiqREpjQCYWPBO9B0vO5pZRsenutr9/ZRdwhjHcfio/O1p+MlOoc6vJOQWYGwRzGOGOTfr2lKMvQCOZ7SaHmeHx+hmOsIzcd4J1q8Un/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0qBgdqFbJtXp3bd1X2crgo/RyRycXm0S+EmLDtheeTg=; b=PR+2zr7PeA2wzxTMAoC9d4Zt98ITM8+JVq9WcadhIJnqZKGjf9XipCIff1XaZCZ4Oa2MjzXTotfKGFAM4AM/DvijjOwHuBBGaG0b7kW4c4xx4y4MVZYjwA3PxS2dt7NrA4vTaNgLjug7cv+KbI4iuodwxBbXg6swG5QOItLtCIE=
Received: from MN2PR00MB0462.namprd00.prod.outlook.com (20.178.240.144) by MN2PR00MB0605.namprd00.prod.outlook.com (20.178.255.224) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2687.0; Fri, 17 Jan 2020 18:13:13 +0000
Received: from MN2PR00MB0462.namprd00.prod.outlook.com ([fe80::5db4:6362:de71:612b]) by MN2PR00MB0462.namprd00.prod.outlook.com ([fe80::5db4:6362:de71:612b%3]) with mapi id 15.20.2687.000; Fri, 17 Jan 2020 18:13:13 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Juraj Somorovsky <juraj.somorovsky=40rub.de@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
CC: Robert Merget <Robert.Merget@ruhr-uni-bochum.de>, Nimrod Aviram <nimrod.aviram@gmail.com>
Thread-Topic: [EXTERNAL] [TLS] Explicit curve parameters in Server Key Exchange messages
Thread-Index: AQHVzVhqTKFfpAF8VE2LAYrLVO9Bu6fvJ/Yw
Date: Fri, 17 Jan 2020 18:13:12 +0000
Message-ID: <MN2PR00MB04622D06F4015EF7F69457D58C310@MN2PR00MB0462.namprd00.prod.outlook.com>
References: <ffa0ed39-529c-6e89-90e3-99f601153dfc@rub.de>
In-Reply-To: <ffa0ed39-529c-6e89-90e3-99f601153dfc@rub.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=cdba4786-5f00-43a5-9a86-0000edd0369c; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-01-17T18:09:58Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-originating-ip: [2001:4898:80e8:a:18a9:a023:971b:e42c]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 066fb8ae-bb20-4b82-504a-08d79b78ea99
x-ms-traffictypediagnostic: MN2PR00MB0605:
x-microsoft-antispam-prvs: <MN2PR00MB06054FA036DF17909F6DA66E8C310@MN2PR00MB0605.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 0285201563
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(396003)(39860400002)(376002)(366004)(136003)(346002)(199004)(189003)(53546011)(110136005)(6506007)(10290500003)(966005)(71200400001)(8936002)(2906002)(5660300002)(54906003)(9686003)(33656002)(55016002)(316002)(478600001)(186003)(8990500004)(4326008)(66946007)(86362001)(66476007)(66556008)(64756008)(15650500001)(8676002)(76116006)(81156014)(81166006)(52536014)(66446008)(66574012)(7696005); DIR:OUT; SFP:1102; SCL:1; SRVR:MN2PR00MB0605; H:MN2PR00MB0462.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: eWGlMJz1vANiiwwsAtq0ONLCVm+DJN3LAtuNFIoX9uLDlySQU9F1x7jODT5eiJLIeFkfcGJSDKyvgopqiaL6OR9KMF1y7ujR6YL5JCNDsBeK4KtmuOYHhyhTLDzrAuWaIn7i8/3Np93DYHriGEZzc6EXwWAOyMQc1vOVcv3jiuF6zYmXIYkNyqJ3BDD/xZk7vE5hykQ6xZx6SmfAwwbSCGTRC/TsyaSOD/WGElNEld/J4eY/gY32uwpYuYAMTxsPtEGPKVs8MYWZ0JR5nCvQRc61m9Nn/HdT4oxc4K3RnTjavZq3b0ay3yRjel3sPSqnZuWGdqPgRfFCJDYSs3yiUR1UXqMjdtNHXhsY8egtSliGcXizwnABACeMGP88TeM3Wffu7bzDuT93gLVNwNcg/q+nphnDawSO78qFvfNxvTLkM5SpFWP3vz+LOKOKY4JyyBc5Wgl05vT3/MynjmLsofH4kc1k02LVk0pHpJ7yA9s=
x-ms-exchange-antispam-messagedata: Kr9twoOOHrnGEzZKvssDd+iAznhfdzJ1EMvguDq512jDR+O7bQP1GQSyd2WnmW9ANgrjvPiBZxIbJZVrzD2eSssq58YG5peMpK/XQDQRovLQ8Td0i+EtKj0sRttSCHCN+LkwnuSmXgDhXMTwIFefNt8GvC8KJt6hxvOTmB/lz1+3uVCOjW9YD0yyfN9yc1zD+c9NvlHrHznDuYQGA2RWDw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 066fb8ae-bb20-4b82-504a-08d79b78ea99
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jan 2020 18:13:12.9262 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ejkMzMDm983bxLz6kDFkf48TCo7+F0FwC6R+eAvFhHQIXT/GfUMtvoSpzqrlSLhq/ZjobsDfGz3czSklm/onGQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR00MB0605
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pwzqMt8J64jiBaTOFJc-N3Rs9ns>
Subject: Re: [TLS] [EXTERNAL] Explicit curve parameters in Server Key Exchange messages
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jan 2020 18:13:21 -0000

Hi Juraj,

> related to the recent Windows/NSA custom curve certificate issues, we are wondering whether there are any implementations also supporting explicit curves in TLS server key exchange messages...
Just to clarify: Windows TLS stack only supports named_curve in SKE messages.

Cheers,

Andrei

-----Original Message-----
From: TLS <tls-bounces@ietf.org> On Behalf Of Juraj Somorovsky
Sent: Friday, January 17, 2020 5:08 AM
To: tls@ietf.org
Cc: Robert Merget <Robert.Merget@ruhr-uni-bochum.de>de>; Nimrod Aviram <nimrod.aviram@gmail.com>
Subject: [EXTERNAL] [TLS] Explicit curve parameters in Server Key Exchange messages

Dear all,

related to the recent Windows/NSA custom curve certificate issues, we are wondering whether there are any implementations also supporting explicit curves in TLS server key exchange messages as defined in
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc4492%23section-5.4&amp;data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cf76997d47f804c33ab4208d79b6f7aab%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148775489120191&amp;sdata=EQNVhlVtJnLlpuRF3eIVwbAfu9bivC%2FXsuFSjvmzS40%3D&amp;reserved=0

Typical TLS implementations we are aware of only support named curves in server key exchange messages.

Note that this is different from the custom curves in X.509 certificates. According to RFC4492, it is also possible to use custom explicit curves directly in the TLS protocol.

Thank you

--
Dr.-Ing. Juraj Somorovsky

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
-----------------------------------
Universitätsstr. 150, Geb. ID 2/403
D-44780 Bochum

Telefon: +49 (0) 234 / 32-26740
Fax: +49 (0) 234 / 32-14347
https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nds.rub.de%2Fchair%2Fpeople%2Fjsomorovsky&amp;data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cf76997d47f804c33ab4208d79b6f7aab%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148775489120191&amp;sdata=D76wCkI5gs0H5%2ByMcBlcUMZ3Alec5EpfOjJ2X8xVyX0%3D&amp;reserved=0
@jurajsomorovsky

_______________________________________________
TLS mailing list
TLS@ietf.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&amp;data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cf76997d47f804c33ab4208d79b6f7aab%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148775489120191&amp;sdata=4UsAJvqTSE2ICmMsHHe78j3haF25CDxqsvFkT3ZmXFU%3D&amp;reserved=0