Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

Joseph Lorenzo Hall <joe@cdt.org> Mon, 19 March 2018 11:03 UTC

From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Mon, 19 Mar 2018 07:02:46 -0400
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Viktor Dukhovni <ietf-dane@dukhovni.org>, TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qni79zMcsDHWNl0AsO1eznqN1Jg>

On Mon, Mar 19, 2018 at 6:38 AM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> On Sun 2018-03-18 12:08:13 -0400, Viktor Dukhovni wrote:
>
>> The devices that might use external PSKs will likely be unavoidably
>> fingerprinted by source IP address and the target mothership.
>
> I'm not convinced that this is the case -- it's not at all clear that
> IoT devices will be attached to a stable network (so the source IP may
> change), and for large deployments, the devices might all share the same
> "mothership".  But the device might still present significant privacy
> concerns (for example, if it's a device that travels with a person, its
> presence on the network could be used to track that person).

In addition to locative privacy threats, the nature of the IoT device
itself might expose something sensitive about the user (e.g., a
connected pleasure device, medical device, or solid platinum espresso
maker).