From: Noam Postavsky
Newsgroups: gmane.emacs.bugs
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Wed, 27 Jun 2018 20:14:42 -0400
Message-ID: <87tvpnojgt.fsf@gmail.com>
References: <87fu1apchn.fsf@gmail.com> <83in65r4n9.fsf@gnu.org> <87y3f1njku.fsf@gmail.com>
In-Reply-To: (Jimmy Yuen Ho Wong's message of "Wed, 27 Jun 2018 06:09:25 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
To: Jimmy Yuen Ho Wong
Cc: 31946@debbugs.gnu.org, Lars Ingebrigtsen
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
Xref: news.gmane.org gmane.emacs.bugs:147884

Jimmy Yuen Ho Wong writes:

> Tidbit: The GnuTLS basically ignored a group of Adobe researchers when they
> reported to them GnuTLS was susceptible to the small group
> attack[7]...
> [7]: https://eprint.iacr.org/2016/995.pdf

I guess the report is here (the reporter, Luke Valenta, is the first author
of the paper):

https://gitlab.com/gnutls/gnutls/issues/104

The paper just says "didn't patch", but looking in the details of the
report, Luke says:

    From a client's perspective, the TLS protocol limitation does prevent
    "q" from being specified. However, since a server knows the value of
    "q", it should perform proper subgroup validation checks as a
    precaution against small subgroup attacks[...]

    I agree that since the server does not reuse ephemeral DH keys, it is
    not currently vulnerable to a small subgroup attack.

So, the client side can't be patched, and the server side doesn't really
need to be patched (just leave the "reuse ephemeral key" option turned
off). Furthermore, it seems gnutls has added support for standardized
primes, so that pretty much resolves the issue as much as it can be:

https://gitlab.com/gnutls/gnutls/merge_requests/437
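The "proper subgroup validation checks" the quoted report asks a DH server to perform, written out as an added example (this is not GnuTLS code, nor anything from the thread): for a safe prime p = 2q + 1 the peer's public value y must satisfy 1 < y < p - 1 and y^q mod p = 1, which confines it to the prime-order subgroup and is what makes a reused private key safe from the small subgroup attack. The prime 2039 and generator 4 below are constructed toy parameters; the function names are this example's own.

```python
"""Subgroup validation for a finite-field Diffie-Hellman peer value.

For a safe prime p = 2q + 1 the multiplicative group mod p has subgroups of
order 1, 2, q and 2q only.  A peer value outside the order-q subgroup either
forces a predictable shared secret (order 1 or 2) or, when the private key is
reused across handshakes, leaks information about it.  The check below is the
one RFC 7919 describes for its named groups, where q = (p - 1) / 2 is known.
"""


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; bases 2..41 are exact for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_subgroup_order(p: int) -> int:
    """Return q for a safe prime p = 2q + 1.

    Refuses non-safe primes: there p - 1 may have small factors, q is not
    recoverable from p alone, and this check by itself is not sufficient.
    """
    q, rem = divmod(p - 1, 2)
    if rem != 0 or not is_prime(p) or not is_prime(q):
        raise ValueError("p is not a safe prime; subgroup order q unknown")
    return q


def validate_peer_value(y: int, p: int, q: int) -> bool:
    """Accept y only if it lies in the prime-order-q subgroup of Z_p^*.

    1 < y < p - 1 rejects the order-1 and order-2 elements (and garbage);
    y^q mod p == 1 rejects every element of order 2q (the non-residues).
    """
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


def shared_secret(my_private: int, peer_public: int, p: int, q: int) -> int:
    """Derive the DH shared value, validating the peer's public value first."""
    if not validate_peer_value(peer_public, p, q):
        raise ValueError("peer DH public value failed subgroup validation")
    return pow(peer_public, my_private, p)


# Constructed toy group: p = 2039 = 2 * 1019 + 1 is a safe prime.  g = 4 is a
# quadratic residue mod every safe prime, so it generates the order-q subgroup.
# Real deployments use the RFC 7919 groups (2048 bits and up), not this.
TOY_P = 2039
TOY_Q = safe_prime_subgroup_order(TOY_P)
TOY_G = 4


def demo() -> dict:
    """Run the check on one honest value and the classic bad ones."""
    honest = pow(TOY_G, 5, TOY_P)  # a legitimate public value g^x mod p
    return {
        "honest": validate_peer_value(honest, TOY_P, TOY_Q),
        "zero": validate_peer_value(0, TOY_P, TOY_Q),
        "one": validate_peer_value(1, TOY_P, TOY_Q),
        "p_minus_1": validate_peer_value(TOY_P - 1, TOY_P, TOY_Q),  # order 2
        "non_residue": validate_peer_value(TOY_P - 4, TOY_P, TOY_Q),  # order 2q
        "out_of_range": validate_peer_value(TOY_P, TOY_P, TOY_Q),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>12}: {'accepted' if ok else 'rejected'}")
```

On the client side, where (as the report notes) the TLS 1.2 ServerDHParams carry only p and g, the `pow(y, q, p)` half of the check is only possible when the client recognises p as a named safe-prime group and can therefore set q = (p - 1) / 2 itself; for an arbitrary server-chosen prime it degenerates to the range test, which is why standardized primes close the gap.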