Re: [Uta] [art] Artart last call review of draft-ietf-uta-rfc7525bis-09
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 04 August 2022 10:02 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9824BC15C53C for <uta@ietfa.amsl.com>; Thu, 4 Aug 2022 03:02:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XCTGL7dtgpnO for <uta@ietfa.amsl.com>; Thu, 4 Aug 2022 03:02:03 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.23.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E85EC15C53D for <uta@ietf.org>; Thu, 4 Aug 2022 03:02:03 -0700 (PDT)
Received: from AUS01-ME3-obe.outbound.protection.outlook.com (mail-me3aus01lp2237.outbound.protection.outlook.com [104.47.71.237]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id au-mta-83-RCm71LaqMDWBqaNaOPSU1w-1; Thu, 04 Aug 2022 20:00:49 +1000
X-MC-Unique: RCm71LaqMDWBqaNaOPSU1w-1
Received: from ME3PR01MB6242.ausprd01.prod.outlook.com (2603:10c6:220:104::8) by ME3PR01MB6196.ausprd01.prod.outlook.com (2603:10c6:220:102::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5504.14; Thu, 4 Aug 2022 10:00:48 +0000
Received: from ME3PR01MB6242.ausprd01.prod.outlook.com ([fe80::8187:e1e4:3c50:9f55]) by ME3PR01MB6242.ausprd01.prod.outlook.com ([fe80::8187:e1e4:3c50:9f55%3]) with mapi id 15.20.5504.015; Thu, 4 Aug 2022 10:00:48 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Peter Saint-Andre <stpeter@stpeter.im>, Cullen Jennings <fluffy@iii.ca>
CC: "draft-ietf-uta-rfc7525bis.all@ietf.org" <draft-ietf-uta-rfc7525bis.all@ietf.org>, "art@ietf.org" <art@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "uta@ietf.org" <uta@ietf.org>
Thread-Topic: [Uta] [art] Artart last call review of draft-ietf-uta-rfc7525bis-09
Thread-Index: AQHYpem6/Cr0fCq7y0ezkEP6wlGEC62anW2AgAEmPoCAAOzI84AAp+aAgAEsZPU=
Date: Thu, 04 Aug 2022 10:00:48 +0000
Message-ID: <ME3PR01MB6242EA89B1857FCD1C028B83EE9F9@ME3PR01MB6242.ausprd01.prod.outlook.com>
References: <165728991008.45773.10659091812976572509@ietfa.amsl.com> <4c7fcbfe-5055-d33d-e1d1-27e85592551a@stpeter.im> <A0DD6035-C9D1-4FEC-A5E7-7D95FFC55602@iii.ca> <9c9922a8-93b5-611f-6433-dbac122dcc4f@stpeter.im> <e7b17bbe-0b6b-2a54-2100-b220a9afa92e@stpeter.im> <B186BFAC-6584-4395-837E-C8F09FE6AEC7@iii.ca> <e36b7842-9ebc-2fbd-54be-9a8a1fe05771@stpeter.im> <92ad78a4-5e28-31e8-aa25-b41cb0692ff3@stpeter.im> <SY4PR01MB625185A08074FECE804E5BABEE9C9@SY4PR01MB6251.ausprd01.prod.outlook.com> <da5b62f6-9c38-0ec7-e566-d80edd4d570b@stpeter.im>
In-Reply-To: <da5b62f6-9c38-0ec7-e566-d80edd4d570b@stpeter.im>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a9264091-3ccf-4d63-f6a0-08da760034b5
x-ms-traffictypediagnostic: ME3PR01MB6196:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: dB9t4UjJEcROfyh4rVsYUcHVla5wWst9h89nHndLXpItrULFACDgan+FPxsVoQo+8P1eINxdcJq4FGQO26ilTbWBgT3a0FMAQSMOlqajHFcZ8ei6JXy7DBshnPmKrpkc5L4LFFSqpM+gy3VqLbjCymlZQLXNol74NCsqu1V1WDe2qkgXopEPbJCAVkyALuqKi0g2yGiRDqWNCcHMi1FwYLMBPtwHMi/ejh/9f6cUEbK3fBaLTQlnIkhVGCLrxDZ/hOEwvPigTWzGjnJ7yhtVghmxfD3xShfyUAx5JWa770BQniG7ahGP/sERIuHqzuhOxqwd/jRh71eBxGsnA0gKZR7otTvu3VNLbmex+nZfbd3Z8wJUXpG09EKdwcT3KJ5rwWjaOWP6j0P0K/u1+FytCfucxfQLJNbbO1Agpjq8YUz4Tanyn5bNQFU2v2SWrMy71tkFG1vvS3OXh5Xumc4RirZqb7yWsA2hoMcSlXV2OHBj95KUejjdo6plGHf2D4H1jyfSw7IJmkjUMmPKUXIRHg8hnVyfyn8Ju06tV+zJ21uz1pp5BjRSpNbIC0qZmmPiDy6LCNpIDyu2YvTpCwxZa/eiuB5fMwxlTJRXOJX6fSs/EuHnBlogxfz082aISipSesTRNcc+jpKGvvmrBi9o1HA+nZk+hoIswlMs8czWi3ShB0mZcohL5xkOdrUfxyJK+f987cBhM0xcRfMBIIEknqAF6QZXzNs5KDklP79W9q2h7aWsmfmfAPDW6CO6GzN+PvA1pZ2kc2EI2TNm7NH7FdODblX/G0/98s1teATeDfcEZ1VPnKWSeDE0++WOgjjp
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:ME3PR01MB6242.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(136003)(396003)(366004)(39860400002)(376002)(346002)(122000001)(83380400001)(9686003)(7696005)(26005)(186003)(6506007)(33656002)(86362001)(38070700005)(54906003)(110136005)(91956017)(786003)(41300700001)(316002)(71200400001)(4326008)(8936002)(8676002)(5660300002)(66476007)(66556008)(66946007)(76116006)(66446008)(64756008)(52536014)(38100700002)(2906002)(55016003)(478600001); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: J9LoSlXbGfawH5y5bQl3PuZC5HlFizziMu280QRj5Cv8fKNyrUu0PwBQlKJuohtNFntIeckrRTLEtfYzvFdV2WiY14eZmqIpqMVsbzzXlodZunbenbw1dbQ0dOIkpS7U414b3TyuYnOK8TZ7EwdMruv39sRdxoR+wY0mTA8FCqLOMAOTJXDpx2oEDgoeNZhJcgb85fZ6F6+LnM8t5FJHm755cvT8H4TM/VwimWF3prgrrjukTdSMbOnVw6kDPrKjYmfnhO1khVCyAaMdzeHTHGIJT8B+/t/GhvaC7EjGh/Gw2wjGH+GfoZ4JFxWJEUzxlSNrWAfuDS0us/LNuDFuchUGgOyOMwVh/SiQ1zaKv1b7KtPB9ExqS5yUypaPC7mSoyduMS3ndu+qVCUkeazfdQ7PbfNvRg/NJE6iUKL7klym/lgt5o5DO+6A7jSCSe+c5Esb4x2x0g2e37NhpM0rXOnuGnnKEW9XmIPscgTIOwllWYh200d4MqK3fiOVukMOvHJTSwBeGGNLe/FE/OoMxqGNXlMmGVLvQCSnodlGNsLJGJ4PujQ4dG6G3dzyAqImLLL0tYIoAshqvsAhQGTevjVTabtBfyuErXl2G4jIxCp9nMlGIa1N+Zq4Y+zkGB04v53vKMIZCtet6clHP6ORBR6nfTd93UOQJPkf8LIP3bgqg+2/haearchovwNg6TfTbg/PjISHaYBdXyzo1eBHPv9D6KVEjstSu1eZw+IzwUQO5dclcX8OtlicabVs2b+TzsSrVA5p4hNYYk6SgKQHE1xKs8PNlsnaGd6A6QUaBUGCCv9rBVG73KQDfnWgMR9HBtmy1N7JBHh9/GA32pgYlaW4sn4ilrxF7RFFSto9sJH/W5mWMpuu2br9xACGDcvt4oUUVOxRQNC4oYCgVc3wJrzL1qQ0SlRYL7DGGP+Eo2IMcrBsvM2FwIIS0PrkRRPtl8AJMRNcBUeHtBuV8wbdKwwR7epWdlgm6JcQvmPCYmoFmquJHvsUTdVyoNAMkg1eflfzlSvEwBM/MTa16FsXrWF7GOuHFCx6C8/oV9J4biXLeX+b1cAg/3zM9FjFL6GYZFXGzgBvP2Z3GaJNYMRLVhx6TDN+EK75sRvBqj9DxvUaZy0qk7FlXZbenT1KzGi2GbzYmTS2LMX5F0dBmWT4Lg3jM8R+c2o8PPQ8++S6I6rPVtGzzQCizUwIMXIDYMOJeS0Y7PGZVKqH06FSt4xSpjbJ9eF0gOMYTqs0LVSA8S0ckUKus+znU5d6A8bpdAEuyYczocydtZTORY72f45OsgarVX0tJeqBV93txhLcsCE+7Sf1CYPSXEUNYAYCWik3EX4NbV321T9z+VMJeomGS3/WZ/5n3UZDHtplmOc7lcvSiZ7hoiAY0ouaD8kdkQyuRu3BZWIshurcRUoqqg0coLcc+3Ii8eYa1bAk+v6VgjukefCQ+ufAXON51LDs4IRxWtjQB7VYKCq3iQrwpElGlH+mkfVT7f0oMF6CE5Yil8ovek7y0HR/G5DLCYzo3J5gxSnTZIfLdS2UTeW9Aj7E35Q9GbsSMRN0G+imIRrHJIqgO21fEMhgVRDHc317ipROLTgs4ZCP/zsct6BxrqT5DQ==
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: ME3PR01MB6242.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a9264091-3ccf-4d63-f6a0-08da760034b5
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Aug 2022 10:00:48.2295 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: L1oqB2+U/JO/5BbZBLj/D+U66rhu1AdmQBsNmAd+m9NHDAOcploNE9cLm10TeWs33b9VRkQ5yOoV33pVOVBw4b90BfXJrNoAlSl1QVVaEjo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME3PR01MB6196
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/_VfkbI2GG7frQYnigZhf_Drp7LE>
Subject: Re: [Uta] [art] Artart last call review of draft-ietf-uta-rfc7525bis-09
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2022 10:02:06 -0000
Peter Saint-Andre <stpeter@stpeter.im> writes: >Given that we already discuss these matters in Section 7.4, I don't see the >need for additional text. The issue that I pointed out is in section 4.1, "General Guidelines", while what you're referring to is buried in the security considerations right at the end. What's in 4.1 at the moment is wrong (Raccoon is static-ephemeral DH, not ephemeral-ephemeral DH), so I think it needs to be changed. 4.1 refers to 7.3 but not 7.4, so anyone reading the doc who doesn't read into every corner, including the parts buried after the IANA considerations at the end, will get an incorrect idea of what the issues are. Also what 4.1 is in effect saying is "implementations MUST use ECC algorithms" (via SHOULD NOT RSA (key transport), SHOULD NOT DH, SHOULD NOT DHE), and that includes TLS_ECDH_*, not just TLS_ECDHE_* (section 4.1 says, about *_DH_*, "These cipher suites, which have assigned values prefixed by 'TLS_DH_*', have several drawbacks, especially the fact that they do not support forward secrecy", but omits any mention of the equivalent *_ECDH_* which is no better). Since the ECC algorithms are notoriously vulnerable to nonce issues as well as various others (e.g. forgetting to perform validity checks on received values), it's just moving the insecurity from one algorithm over to another. There's no mention in the security considerations of any issues with replacing DHE with ECC algorithms, it's just "badly implemented DH is insecure" but no mention that badly-implemented ECC is also insecure. For example Brumley et al's attack on ECDHE takes advantage of the same not-really-ephemeral nature that Raccoon uses against DHE, but it's never mentioned. Anyone reading the draft would be forgiven for thinking that all you need to do to magically make all security problems go away is switch to ECC (and GCM, the other universal solution to all problems, despite it also having led to endless vulnerabilities around nonce reuse). Peter.
- [Uta] Artart last call review of draft-ietf-uta-r… Cullen Jennings via Datatracker
- Re: [Uta] Artart last call review of draft-ietf-u… Thomas Fossati
- Re: [Uta] Artart last call review of draft-ietf-u… Peter Saint-Andre
- Re: [Uta] [Last-Call] Artart last call review of … Cullen Jennings
- Re: [Uta] [Last-Call] Artart last call review of … Thomas Fossati
- Re: [Uta] Artart last call review of draft-ietf-u… Peter Saint-Andre
- Re: [Uta] [Last-Call] Artart last call review of … Viktor Dukhovni
- Re: [Uta] [Last-Call] Artart last call review of … Rob Sayre
- Re: [Uta] [Last-Call] Artart last call review of … Benjamin Kaduk
- Re: [Uta] [Last-Call] Artart last call review of … Rob Sayre
- Re: [Uta] [Last-Call] Artart last call review of … Rob Sayre
- Re: [Uta] [art] [Last-Call] Artart last call revi… Anjam Saqib
- Re: [Uta] [art] [Last-Call] Artart last call revi… Anjam Saqib
- Re: [Uta] [Last-Call] Artart last call review of … Peter Saint-Andre
- Re: [Uta] [Last-Call] Artart last call review of … Rob Sayre
- Re: [Uta] [SPAM] Artart last call review of draft… Cullen Jennings
- Re: [Uta] Artart last call review of draft-ietf-u… Peter Saint-Andre
- Re: [Uta] Artart last call review of draft-ietf-u… Peter Saint-Andre
- Re: [Uta] [Last-Call] Artart last call review of … Rob Sayre
- Re: [Uta] [Last-Call] Artart last call review of … Stephen Farrell
- Re: [Uta] [EXTERNAL] Re: Artart last call review … Andrei Popov
- Re: [Uta] [art] Artart last call review of draft-… Cullen Jennings
- Re: [Uta] [art] Artart last call review of draft-… Peter Saint-Andre
- Re: [Uta] [Last-Call] [art] Artart last call revi… Benjamin Kaduk
- Re: [Uta] [art] Artart last call review of draft-… Peter Saint-Andre
- Re: [Uta] [art] Artart last call review of draft-… Peter Gutmann
- Re: [Uta] [art] Artart last call review of draft-… Peter Saint-Andre
- Re: [Uta] [art] Artart last call review of draft-… Peter Gutmann
- Re: [Uta] [art] Artart last call review of draft-… Yaron Sheffer
- Re: [Uta] [art] Artart last call review of draft-… Rob Sayre