Hi Christian,

It was my poor attempt at explaining the attack. The attack can happen as long 
as a node sends outbound connections (as a TLS client) and accepts inbound 
connections (as a TLS server) with the same external PSK and identity. This is 
likely to happen in some form of group communication but not necessarily.

In such a scenario, a malicious node Eve can fool Alice into opening a connection to 
herself (hence the name Selfie).

Admittedly, UKS/misbinding/selfie are somewhat hard to comprehend sometimes (at 
least for me).

--Mohit

On 10/8/19 9:51 PM, Christian Huitema wrote:

On 10/8/2019 9:46 AM, Christopher Wood wrote:

On Tue, Oct 8, 2019, at 2:55 AM, Mohit Sethi M wrote:



Hi Chris,

For the benefit of the list, let me summarize that the selfie attack is
only relevant where multiple parties share the same PSK and use the
same PSK for outgoing and incoming connections. These situations are
rather rare, but I accept that TLS is widely used (and sometimes
misused) in many places.


I may be getting old but the way Mohit writes it, it seems that the attack 
happens when the security of a group relies on a secret shared by all members 
of the group, and can then be compromised when one of the group members 
misbehaves. How is that a new threat? If groups are defined by a shared secret, 
then corruption of a group member reveals that shared secret to the attacker 
and opens the path for all kinds of exploitation. In what sense is the "selfie" 
attack different from that generic threat?

-- Christian Huitema



_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls
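
Editor's added example, not part of any message in this thread: a toy model of the condition described at the top of the thread, where a node uses the same external PSK and identity as both TLS client and TLS server. The HMAC "binder", the `Node` class, the names `alice`/`bob` and the `group-psk` label are constructed for illustration and are not real TLS 1.3 messages; naming the client and server in the PSK identity is an assumed countermeasure that the thread itself does not discuss.

```python
import hashlib
import hmac
import os

def binder(psk, hello_body):
    # Toy stand-in for the TLS 1.3 PSK binder: a MAC over the hello under the PSK.
    return hmac.new(psk, hello_body, hashlib.sha256).digest()

class Node:
    """A peer that both dials out (client) and listens (server) with one PSK."""

    def __init__(self, name, psk, bind_roles):
        self.name, self.psk, self.bind_roles = name, psk, bind_roles

    def client_hello(self, peer):
        # Weak form: one identity label for every peer and both directions.
        # Bound form (assumed countermeasure): label names the client and server.
        identity = "group-psk"
        if self.bind_roles:
            identity = f"group-psk|{self.name}|{peer}"
        body = f"{identity}|{os.urandom(16).hex()}".encode()
        return body, binder(self.psk, body)

    def accept(self, hello):
        body, tag = hello
        if not hmac.compare_digest(tag, binder(self.psk, body)):
            return False, "bad binder"
        if self.bind_roles:
            _, client, server, _nonce = body.decode().split("|")
            if server != self.name or client == self.name:
                return False, "identity mismatch"
        return True, "accepted"

def reflected_hello(bind_roles):
    # Alice dials Bob, but the hello is delivered back to Alice's own listener.
    alice = Node("alice", os.urandom(32), bind_roles)
    return alice.accept(alice.client_hello("bob"))

def honest_hello(bind_roles):
    # Alice dials Bob and the hello reaches Bob, who holds the same PSK.
    psk = os.urandom(32)
    alice, bob = Node("alice", psk, bind_roles), Node("bob", psk, bind_roles)
    return bob.accept(alice.client_hello("bob"))

if __name__ == "__main__":
    for bound in (False, True):
        print(bound, reflected_hello(bound), honest_hello(bound))
```

With the shared label, Alice's listener accepts her own hello because the binder verifies under the PSK she holds; with the names bound into the identity, the same hello is rejected while the honest Alice-to-Bob hello still passes.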
