bug#31946: 27.0.50; The NSM should warn about more TLS problems

From: Noam Postavsky
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Tue, 26 Jun 2018 20:45:21 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Eli Zaretskii <address@hidden> writes:

>> From: Lars Ingebrigtsen <address@hidden>
>> Date: Tue, 26 Jun 2018 11:27:34 +0200
>> Cc: address@hidden, Jimmy Yuen Ho Wong <address@hidden>
>> We could get in touch with the gnutls maintainer and ask for his input
>> and perhaps ask for API endpoints to allow us to check for these things?
> Yes, I think that's the right way for moving forward.

By the way, I've researched this a bit more; it seems like there is no
practical way to detect small subgroups at all.  The only solution is to
move to standardized domains (the smallest of which is 2048 bits),
similar to how ECDHE uses standard curves.  This also solves the
composite prime problem, which is likely too expensive to check as well.


   Additionally, the DH parameters selected by the server may have a
   known structure that renders them secure against a small subgroup
   attack, but a client receiving an arbitrary p and g has no efficient
   way to verify that the structure of a new group is reasonable for
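As an added example (Python, not Emacs or NSM code, and not from anyone in this thread), the allowlist approach the message describes: the client pins the standardized finite-field groups, here the 2048-bit ffdhe2048 group from RFC 7919, and accepts a server's (p, g) only if it matches a pinned group, never attempting to validate an arbitrary p. The pinned constant is cross-checked against the RFC's own definition p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1 so a mistyped allowlist entry is caught rather than trusted.

```python
# Allowlist check for a TLS server's finite-field DH group (Python stdlib only).
# Added example; not Emacs/NSM code. Group data is from RFC 7919, Appendix A.1.

# ffdhe2048 prime (RFC 7919 hex with the spaces removed); its generator is 2.
FFDHE2048_HEX = (
    "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695"
    "A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617A"
    "D3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935"
    "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797A"
    "BC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4"
    "AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61"
    "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005"
    "C58EF1837D1683B2C6F34A26C1B2EFFA886B423861285C97FFFFFFFFFFFFFFFF"
)
FFDHE2048_P = int(FFDHE2048_HEX, 16)
FFDHE_GENERATOR = 2
# Extend with ffdhe3072/4096/6144/8192 the same way; nothing else is accepted.
ALLOWED_PRIMES = {FFDHE2048_P}


def floor_e_times_2pow(bits, guard=64):
    """Return floor(2**bits * e), summing the Taylor series of e in fixed point.
    Every truncated division loses under one unit of the guarded scale, so the
    total error is a few hundred units, far below the 2**guard that is shifted
    away at the end."""
    total, term, k = 0, 1 << (bits + guard), 0
    while term:
        total += term
        k += 1
        term //= k
    return total >> guard


def derive_ffdhe2048():
    """Rebuild the prime from the RFC 7919 definition
    p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1,
    so a mistyped allowlist constant is detected instead of trusted."""
    middle = floor_e_times_2pow(1918) + 560316
    return (1 << 2048) - (1 << 1984) + middle * (1 << 64) - 1


def dh_group_is_standard(p, g):
    """The policy from the thread: accept a server's group only when it is a
    pinned standard group with its standard generator. No primality, safe-prime
    or subgroup test is attempted on an arbitrary (p, g); it is simply refused."""
    return p in ALLOWED_PRIMES and g == FFDHE_GENERATOR
```

Run `derive_ffdhe2048() == FFDHE2048_P` once at startup (or in a unit test) so the pinned table itself is verified before any server group is compared against it.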
