From: Noam Postavsky
Newsgroups: gmane.emacs.bugs
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Tue, 26 Jun 2018 20:45:21 -0400
Message-ID: <87y3f1njku.fsf@gmail.com>
References: <87fu1apchn.fsf@gmail.com> <83in65r4n9.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Cc: Lars Ingebrigtsen, 31946@debbugs.gnu.org, wyuenho@gmail.com
To: Eli Zaretskii
In-Reply-To: <83in65r4n9.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 26 Jun 2018 17:42:02 +0300")

Eli Zaretskii writes:

>> From: Lars Ingebrigtsen
>> Date: Tue, 26 Jun 2018 11:27:34 +0200
>> Cc: 31946@debbugs.gnu.org, Jimmy Yuen Ho Wong
>>
>> We could get in touch with the gnutls maintainer and ask for his input
>> and perhaps ask for API endpoints to allow us to check for these things?
>
> Yes, I think that's the right way for moving forward.
By the way, I've researched this a bit more, and it seems like there is no practical way to detect small subgroups at all; the only solution is to move to standardized domains (the smallest of which is 2048 bits), similar to how ECDHE uses standard curves. This also solves the composite prime problem, which is likely too expensive to check as well.

https://tools.ietf.org/html/rfc7919:

    Additionally, the DH parameters selected by the server may have a known
    structure that renders them secure against a small subgroup attack, but
    a client receiving an arbitrary p and g has no efficient way to verify
    that the structure of a new group is reasonable for use.
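The arithmetic behind the quoted RFC passage, as an added example that is not Emacs or NSM code and not from the Emacs project: with a safe prime p = 2q + 1, which is how the RFC 7919 groups are built, the check 1 < y < p - 1 on the peer's public value rules out every small subgroup, whereas for an arbitrary p the order of y can only be bounded if the prime factors of p - 1 are known. The demo primes 23 and 2311 are constructed values for illustration, not the FFDHE primes.

```python
import random

# Added example, not Emacs/NSM code: the demo primes 23 and 2311 used in the
# tests below are constructed values, not the RFC 7919 groups.

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test (never rejects a prime)."""
    if n < 2 or any(n % s == 0 for s in (2, 3, 5, 7)):
        return n in (2, 3, 5, 7)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    """p and q = (p-1)/2 both prime: element orders are only 1, 2, q, 2q."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def accept_peer_value(p, y):
    """Peer-value check that suffices only for a safe-prime group:
    1 < y < p-1 excludes the two tiny orders, and q is full-size."""
    return is_safe_prime(p) and 1 < y < p - 1

def element_order(y, p, factors):
    """Order of y mod p, given the prime factors of p-1 (a client handed an
    arbitrary p has no efficient way to obtain them)."""
    order = p - 1
    for f in factors:
        while order % f == 0 and pow(y, order // f, p) == 1:
            order //= f
    return order

def small_order_element(p, f):
    """A value with 1 < y < p-1 of prime order f dividing p-1: it passes the
    range check yet confines the shared secret to f candidates."""
    for g in range(2, p):
        y = pow(g, (p - 1) // f, p)
        if y != 1:
            return y
```

Run against a received 2048-bit p, is_safe_prime costs two Miller-Rabin runs, which is the cost a client pays if it wants to verify a non-standard group at all.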