Re: [TLS] ECDH_anon

"Dan Harkins" <dharkins@lounge.org> Mon, 01 February 2016 16:48 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC19B1B3266 for <tls@ietfa.amsl.com>; Mon, 1 Feb 2016 08:48:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FtITSxT5ab66 for <tls@ietfa.amsl.com>; Mon, 1 Feb 2016 08:48:23 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 962631B3264 for <tls@ietf.org>; Mon, 1 Feb 2016 08:48:23 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id D5E9910224008; Mon, 1 Feb 2016 08:48:22 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 1 Feb 2016 08:48:23 -0800 (PST)
Message-ID: <031c3dafb6fd308daab9e5174812c385.squirrel@www.trepanning.net>
In-Reply-To: <CABkgnnVY8h=PVoaMPrPPm1J2thMisQqH_p+0SQUo26z9keOHCA@mail.gmail.com>
References: <20160127151803.17788998.50067.47728@ll.mit.edu> <CABkgnnUV68bYxQwk6Wk_8+YmBBi9EnzGEU4EGaMOSv7VAmpfiQ@mail.gmail.com> <f7ae2dfc50722f13876c76ae963c4f7b.squirrel@www.trepanning.net> <CABkgnnVY8h=PVoaMPrPPm1J2thMisQqH_p+0SQUo26z9keOHCA@mail.gmail.com>
Date: Mon, 01 Feb 2016 08:48:23 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Martin Thomson <martin.thomson@gmail.com>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xIQ6x6Up5J3ODWYxQaFs3wwWiBw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] ECDH_anon
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2016 16:48:25 -0000


On Sun, January 31, 2016 10:00 pm, Martin Thomson wrote:
> On 1 February 2016 at 16:56, Dan Harkins <dharkins@lounge.org> wrote:
>>>>From a protocol perspective, they are the same.  The distinction at
>>> the protocol level between ECDH_RSA (for example) and ECDH_anon is
>>> that ECDH_anon requires a ServerKeyShare message in the same way that
>>> ECDHE_RSA does.
>>
>>   So? A static-static, static-ephemeral, and ephemeral-ephemeral
>> all look the same from a protocol perspective too but they are
>> very different and have very different properties.
>
> If a tree falls in the forest and no one deletes the private key, is
> it static or ephemeral.

  If you never use it again then its compromise would only expose
that 1 exchange so I'd say it's ephemeral. If you reuse it then it
becomes static.

  But if this problem is because we have code that is not deleting
the private keys for the ECDH_anon exchange then I'd say the pull
request should be with that codebase to fix that problem.

  Dan.