Mohit Sethi M
Date: Friday, 11 October 2019 at 14:32
To: Christopher Wood , Mohit Sethi M
, "TLS@ietf.org"
Subject: Re: [TLS] Selfie attack
Hi,
I created a pull request for the draft to improve the section on
addressing selfie attacks. For the benefit of the list, h
at 21:08
To: Christian Huitema <mailto:huit...@huitema.net>,
Christopher Wood <mailto:c...@heapingbits.net>, Mohit
Sethi M <mailto:mohit.m.se...@ericsson.com>,
"TLS@ietf.org"<mailto:TLS@ietf.org> <mailto:tls@ietf.org>
Subject: Re: [TLS] Selfie attack
Hi Christi
Hi Chris and Christian,
I would disagree. The important thing to note is that the selfie attack
is not a traditional insider attack where someone with the PSK
misbehaves. If you look at the paper (https://eprint.iacr.org/2019/347),
you will notice that Eve can fool Alice into opening a connecti
ntentionally initiate simultaneous ClientHello to each
>> other, even if they only want a single secure connection (I have seen
>> live systems where this happens in practice), an attacker can select
>> which ClientHello to block (e.g. the one with the strongest
>> cryptographic p
to a ClientHello.random that the endpoint
previously sent and has not received a ServerHello.”
Cheers,
John
From: TLS on behalf of Mohit Sethi M
Date: Tuesday, 8 October 2019 at 21:08
To: Christian Huitema , Christopher Wood
, Mohit Sethi M ,
"TLS@ietf.org"
Subject: Re: [T
"Downgrade protection: The cryptographic parameters should be the
>> same on both sides and should be the same as if the peers had been
>> communicating in the absence of an attack"
>>
>> (I have not looked at what the definitions in [BBFGKZ16] say).
>
On Tue, Oct 8, 2019, at 11:51 AM, Christian Huitema wrote:
>
> On 10/8/2019 9:46 AM, Christopher Wood wrote:
>
> > On Tue, Oct 8, 2019, at 2:55 AM, Mohit Sethi M wrote:
> >>
> Hi Chris,
>
> For the benefit of the list, let me summarize that the selfie attack is
> only relevant where multiple
Hi Christian,
It was my poor attempt at explaining the attack. The attack can happen as long
as a node sends outbound connections (as a TLS client) and accepts inbound
connections (as a TLS server) with the same external PSK and identity. This is
likely to happen in some form of group communica
On 10/8/2019 9:46 AM, Christopher Wood wrote:
> On Tue, Oct 8, 2019, at 2:55 AM, Mohit Sethi M wrote:
>>
>> Hi Chris,
>>
>> For the benefit of the list, let me summarize that the selfie attack is
>> only relevant where multiple parties share the same PSK and use the
>> same PSK for outgoing an
> no longer hold :
>
> "Downgrade protection: The cryptographic parameters should be the
> same on both sides and should be the same as if the peers had been
> communicating in the absence of an attack"
>
> (I have not looked a
ailto:mohit.m.sethi=40ericsson@dmarc.ietf.org>
Date: Tuesday, 8 October 2019 at 11:57
To: Christopher Wood <mailto:c...@heapingbits.net>,
"TLS@ietf.org"<mailto:TLS@ietf.org> <mailto:tls@ietf.org>
Subject: Re: [TLS] Selfie attack
Hi Chris,
For the benefit of th
ferred
cipher suites, an attacker can affect which of the two nodes'
preferred cipher suites will be used by blocking the other exchange.”
John
From: TLS on behalf of Mohit Sethi M
Date: Tuesday, 8 October 2019 at 11:57
To: Christopher Wood , "TLS@ietf.org"
Subject: Re: [T
Owen Friel (ofriel)" <mailto:ofr...@cisco.com>, Jonathan
Hoyland
<mailto:jonathan.hoyl...@gmail.com>
Cc: "TLS@ietf.org"<mailto:TLS@ietf.org> <mailto:tls@ietf.org>
Subject: Re: [TLS] Selfie attack was Re: Distinguishing between
external/resumption PSKs
ohn
>
> -Original Message-
> From: TLS on behalf of "Hao, Feng"
>
> Date: Tuesday, 24 September 2019 at 16:09
> To: Mohit Sethi M ,
> "Owen Friel (ofriel)" , Jonathan Hoyland
>
> Cc: "TLS@ietf.org
t looked at what the definitions in [BBFGKZ16] say).
Cheers,
John
-Original Message-
From: TLS on behalf of "Hao, Feng"
Date: Tuesday, 24 September 2019 at 16:09
To: Mohit Sethi M , "Owen
Friel (ofriel)" , Jonathan Hoyland
> On Sep 23, 2019, at 1:49 PM, Mohit Sethi M
> wrote:
>
> Hi all,
>
> On the topic of external PSKs in TLS 1.3, I found a publication on the
> Selfie attack: https://eprint.iacr.org/2019/347
If I am not missing something, it feels like simple misconfiguration.
How is this different from, say, us
Sethi M , "Owen Friel
(ofriel)" , Jonathan Hoyland
Cc: "TLS@ietf.org"
Subject: Re: [TLS] Selfie attack was Re: Distinguishing between
external/resumption PSKs
On 23/09/2019, 18:50, "TLS on behalf of Mohit Sethi M"
wrote:
Hi all,
On 23/09/2019, 18:50, "TLS on behalf of Mohit Sethi M" wrote:
Hi all,
On the topic of external PSKs in TLS 1.3, I found a publication on the
Selfie attack: https://eprint.iacr.org/2019/347
Perhaps this was already discussed on the list. I thought that sharing
it
Hi all,
On the topic of external PSKs in TLS 1.3, I found a publication on the
Selfie attack: https://eprint.iacr.org/2019/347
Perhaps this was already discussed on the list. I thought that sharing
it again wouldn't hurt while we discuss how servers distinguish between
external and resumption