Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Mon, 12 October 2020 23:50 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
CC: TLS List <tls@ietf.org>
Thread-Topic: [TLS] Sending Custom DHE Parameters in TLS 1.3
Date: Mon, 12 Oct 2020 23:50:07 +0000
Message-ID: <207C44FB-54BE-43C5-BB17-DFDE1E4E4460@ll.mit.edu>
References: <1602546120817.36559@cs.auckland.ac.nz>
In-Reply-To: <1602546120817.36559@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vhDC4FKOE8VlWQyioiwhxyd87Z4>
Subject: Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

In some cases toy key sizes are necessary.

E.g., classes where your students break encryption because the keys are weak or small.

Regards,
Uri

> On Oct 12, 2020, at 19:42, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> 
> Ilari Liusvaara <ilariliusvaara@welho.com> writes:
> 
>> The Diffie-Hellman support in TLS 1.2 is severely broken. There is no way to
>> use it safely on client side. This has led to e.g., all the web browsers to
>> remove support for it.
> 
> It's actually pretty simple, don't use toy key sizes.  Many implementations
> were never vulnerable to Logjam et al because they applied the simple measure
> of... not using toy key sizes.
> 
>> There is no way to ensure that the parameters sent are not totally broken,
>> e.g.:
> 
> This requires that the server that you're connecting to is malicious.  If
> you're connecting to a malicious server then you've got bigger things to worry
> about than what they set g to.
> 
>> This has led to e.g., all the web browsers to remove support for it.
> 
> Because throwing out the baby with the bathwater and jumping on the next shiny
> thing that comes along every time someone points out a problem seems to be a
> requirement for crypto protocol implementers.
> 
> Peter.
> 
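The disagreement above is about whether a TLS 1.2 client can vet the (p, g, Ys) a server sends in ServerKeyExchange. The following is an added example, not code from this thread or from any TLS library, showing what such a client-side sanity check looks like: reject toy moduli, generators and public values at the edges of the range, moduli that are not safe primes, and values outside the order-q subgroup, with an optional allow-list of locally configured groups (the TLS 1.3 policy). `check_dh_params`, `is_probable_prime` and the small sample moduli used below are assumptions constructed for the demonstration.

```python
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; adequate for a sanity check on untrusted input."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_dh_params(p, g, ys, min_bits=2048, allowed_moduli=None):
    """Return the list of reasons to reject the server's (p, g, Ys);
    an empty list means every check passed.  (Constructed helper, not a library API.)"""
    problems = []
    # Strictest policy: only accept moduli the client already knows (TLS 1.3 style).
    if allowed_moduli is not None and p not in allowed_moduli:
        return ["modulus is not one of the locally configured groups"]
    if p.bit_length() < min_bits:
        problems.append(f"modulus too small: {p.bit_length()} bits < {min_bits}")
    if p % 2 == 0:
        problems.append("modulus is even")
    if not 2 <= g <= p - 2:
        problems.append("generator outside [2, p-2] (1 or p-1 gives a trivial subgroup)")
    if not 2 <= ys <= p - 2:
        problems.append("server public value outside [2, p-2]")
    if problems:
        return problems  # the algebraic checks below assume sane ranges
    q = (p - 1) // 2
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return ["modulus is not a safe prime (p = 2q + 1 with q prime)"]
    if pow(g, q, p) != 1:  # order-2q generator leaks the low bit of the exponent
        problems.append("generator does not generate the order-q subgroup")
    if pow(ys, q, p) != 1:
        problems.append("server public value is not in the order-q subgroup")
    return problems
```

With the default `min_bits=2048` every sample below is rejected for size alone; the small safe prime p = 23 (q = 11, g = 2) is only there to exercise the algebraic checks.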