On 22/05/2015 08:30, Jeffrey Walton wrote:
> On Fri, May 22, 2015 at 1:55 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
>> On 22/05/2015 07:18, Jeffrey Walton wrote:
>>> On Fri, May 22, 2015 at 12:51 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
>>>> On 22/05/2015 03:57, Jeffrey Walton wrote:
>>>>>> As an additional change for 1.0.2c or later (no need to
>>>>>> delay the urgent fix), maybe adjust internal operations
>>>>>> to discourage use of hardcoded DH groups for TLS DH (but
>>>>>> NOT for generic DH-like operations such as openssl-based
>>>>>> implementations of SRP).
>>>>> That's going to be tough because standards groups like the TLS WG are
>>>>> actively promoting fully specified, named parameters and curves.
>>>>>
>>>>> See, for example, "Negotiated Finite Field Diffie-Hellman Ephemeral
>>>>> Parameters for TLS",
>>>>> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09; and
>>>>> the discussion of magic primes at "Re: [TLS] Another IRINA bug in
>>>>> TLS", https://www.ietf.org/mail-archive/web/tls/current/msg16417.html.
>>>>> (The thread is due to the recent attacks on DH).
>>>> The latter thread contains posts from respected experts
>>>> asking not to use fixed parameters for DH...
>>> Well, I'm not sure how much more respected one can get than Daniel
>>> Kahn Gillmor, Stephen Farrell, Eric Rescorla; or have better
>>> credentials than practicing cryptographers.
>>>
>>> How high is your bar :)
>> Whom did I say were not highly respected cryptographers?
>> ...
>> I saw no posts in that thread arguing why fixed DH groups
>> would be a good thing.
> That's Gillmor's
> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09. It's a
> set of fixed DH groups called out by name for use in TLS.
>
> Or are you talking about server certificates with fixed DH parameters?

I was talking about the current post-logjam discussion
thread, not the pre-logjam draft.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
