Re: [TLS] chairs - please shutdown wiretapping discussion...

Ted Lemon <mellon@fugue.com> Tue, 11 July 2017 19:48 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B33EE131788 for <tls@ietfa.amsl.com>; Tue, 11 Jul 2017 12:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v8U_2VFW08n7 for <tls@ietfa.amsl.com>; Tue, 11 Jul 2017 12:48:29 -0700 (PDT)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37991126B6D for <tls@ietf.org>; Tue, 11 Jul 2017 12:48:29 -0700 (PDT)
Received: by mail-qt0-x229.google.com with SMTP id b40so2173291qtb.2 for <tls@ietf.org>; Tue, 11 Jul 2017 12:48:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=en6/KtAQ+lanJCksOtcs4urTkubZN46FjFqG/yPK9oE=; b=g/mJeBGPpv2FVBuk2m3HVGD2hxzUteotDslqoV/n2qNpjG/n1B9IwXBPs0sXKF6Ztf 6mq02sb+9pUYWe/pMz7iQqSN3ii9mfmK1dDxctTXyvBO2KLN/jaDTFYGwFhRw2naNpj0 xgAt3fYe2DIN4asBahYcwm7HWO3QG0MNY8XkAkLfYLZdf1B3bHNtfbKQT0DwcQ6PkiDK Si9O/Iz1M1euResURxZpX/8wXwbrtxq5X/lJ+uMfXP8Pg1ycv3HT552zU8aiM765q0nR bbS+nUuXIrXOcC/uXAK+kYEy1jC5SwIPY1gMehUBUVN7oHCePLW5Efy3q4Co1j0JRtnU 7itw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=en6/KtAQ+lanJCksOtcs4urTkubZN46FjFqG/yPK9oE=; b=EI4UVlAqYDZD4N+dx8BwMrD7Sn3x6+zM8pv4k3yPUL7V9+HSgEcB0atF/e+RyOdBGI 2iFbhjoja8JLGAz6Q9r5Ic2d7iTONdZ432mXtn+7xbl0f6uVXktiwpS/TO+bBDpCeEfm EqamJukCz86qTYDL2aSkozsMgy1wz8tcmUIXDGIMY7I5VnfF71dubptVBYELpYOqdHzX xS3S9AkhJF5Wl5xvzvsn5ofadrWmFnsG4A6Y1vcq4qUDBfWikL2TbIe1EPg5IDmcZKDk TacauGDniYGNbXp2CuLl29Ficd2AjRQ4h9WTlvExZcMB6feeyBIsNcD6dtuvk8S+7diy U5QA==
X-Gm-Message-State: AIVw110+O/jesLAToHN2YMJdr5pknHFshl+BExEb7G+FectxI9v/Rjmr JfdXOh6SnFAKJuCRNntYWw==
X-Received: by 10.200.40.150 with SMTP id i22mr1989313qti.59.1499802508190; Tue, 11 Jul 2017 12:48:28 -0700 (PDT)
Received: from [10.0.30.114] (c-73-167-64-188.hsd1.ma.comcast.net. [73.167.64.188]) by smtp.gmail.com with ESMTPSA id r191sm165171qke.22.2017.07.11.12.48.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Jul 2017 12:48:27 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (1.0)
From: Ted Lemon <mellon@fugue.com>
X-Mailer: iPad Mail (15A5304i)
In-Reply-To: <26848de4-ce08-8ebd-bd67-ed3af3417166@cs.tcd.ie>
Date: Tue, 11 Jul 2017 15:48:26 -0400
Cc: Christian Huitema <huitema@huitema.net>, tls@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD0E0745-EA72-41D9-87F6-B40369ED6A70@fugue.com>
References: <E9640B43-B3AD-48D7-910D-F284030B5466@nist.gov> <CY4PR14MB13688370E0544C9B84BB52A3D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <9693fc25-6444-e066-94aa-47094700f188@cs.tcd.ie> <CY4PR14MB1368BA01881DD9495FE86DF0D7A90@CY4PR14MB1368.namprd14.prod.outlook.com> <d806a69c-af30-c963-a361-91075332a61b@cs.tcd.ie> <F87D7646-DC53-4EF8-A2D8-D0939A0FB351@vigilsec.com> <b9001044-83d7-805c-2a49-c2780401bbf8@cs.tcd.ie> <C4125902-CA3A-4EA8-989B-8B1CE41598FB@fugue.com> <0c87999c-9d84-9eac-c2c4-0f1fc8a70bdb@cs.tcd.ie> <6DA3E09E-5523-4EB2-88F0-2C4429114805@fugue.com> <fa6e64a2-b1c8-9c55-799b-b687b830a246@huitema.net> <26848de4-ce08-8ebd-bd67-ed3af3417166@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tSjJhRnAL7qsj0jqpTcdLXP_WOI>
Subject: Re: [TLS] chairs - please shutdown wiretapping discussion...
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2017 19:48:31 -0000

On Jul 11, 2017, at 3:40 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>; wrote:
> It'd seem possible for a server to hold a rather long
> list of re-used static DH values and unlikely for normal
> clients to detect those.

Bearing in mind that the current proposal is intended to perpetuate a well-established use model so as to avoid having to re-tool, I don’t think this is a real concern. In practice I expect that the number of keys used in such a system will be small because the operational burden of making it large will be enough to motivate re-tooling. 

So in practice I would expect a client to be able to cache enough keys to notice this attack, if the user were motivated, or the client vendor considered this to be a credible threat worth addressing.