Hi Chris and Christian, I would disagree. The important thing to note is that the selfie attack is not a traditional insider attack where someone with the PSK misbehaves. If you look at the paper (https://eprint.iacr.org/2019/347), you will notice that Eve can fool Alice into opening a connection with herself without knowing the PSK that Alice shares with Bob. If Eve knew the PSK, then certainly it could pretend to be any one of the parties in the group that shares the PSK.
--Mohit On 10/9/19 2:48 AM, Christopher Wood wrote: > On Tue, Oct 8, 2019, at 11:51 AM, Christian Huitema wrote: >> >> On 10/8/2019 9:46 AM, Christopher Wood wrote: >> >>> On Tue, Oct 8, 2019, at 2:55 AM, Mohit Sethi M wrote: >>>> >> Hi Chris, >> >> For the benefit of the list, let me summarize that the selfie attack is >> only relevant where multiple parties share the same PSK and use the >> same PSK for outgoing and incoming connections. These situations are >> rather rare, but I accept that TLS is widely used (and sometimes >> misused) in many places. >> >> >> I may be getting old but the way Mohit writes it, it seems that the >> attack happens when the security of a group relies on a secret shared >> by all members of the group, and can then be compromised when one of >> the group members misbehaves. How is that a new threat? If groups are >> defined by a shared secret, then corruption of a group member reveals >> that shared secret to the attacker and open the path for all kinds of >> exploitation. In what sense is the "selfie" attack different from that >> generic threat? > In my opinion, it's not. > > Best, > Chris > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
