bug#31946: 27.0.50; The NSM should warn about more TLS problems

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#31946: 27.0.50; The NSM should warn about more TLS problems

From:	Noam Postavsky
Subject:	bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date:	Tue, 26 Jun 2018 20:45:21 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Lars Ingebrigtsen <larsi@gnus.org>
>> Date: Tue, 26 Jun 2018 11:27:34 +0200
>> Cc: 31946@debbugs.gnu.org, Jimmy Yuen Ho Wong <wyuenho@gmail.com>
>> 
>> We could get in touch with the gnutls maintainer and ask for his input
>> and perhaps ask for API endpoints to allow us to check for these things?
>
> Yes, I think that's the right way for moving forward.

By the way, I've researched this a bit more, it seems like there is no
practical way to detect small subgroups at all, the only solution is to
move to standardized domains (the smallest of which is 2048 bits)
similar to how ECDHE uses standard curves.  This also solves the
composite prime problem, which is likely too expensive to check as well.

https://tools.ietf.org/html/rfc7919:

   Additionally, the DH parameters selected by the server may have a
   known structure that renders them secure against a small subgroup
   attack, but a client receiving an arbitrary p and g has no efficient
   way to verify that the structure of a new group is reasonable for
   use.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/23
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/24
- bug#31946: 27.0.50; The NSM should warn about more TLS problems, Noam Postavsky, 2018/06/25
  - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/26
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/26
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Noam Postavsky, 2018/06/26
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Eli Zaretskii, 2018/06/26
  - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/26
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Eli Zaretskii, 2018/06/26
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Noam Postavsky <=
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/27
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/27
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/27
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Eli Zaretskii, 2018/06/27
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/27
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/28
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Noam Postavsky, 2018/06/27
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/28
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Lars Ingebrigtsen, 2018/06/28
    - bug#31946: 27.0.50; The NSM should warn about more TLS problems, Jimmy Yuen Ho Wong, 2018/06/28

Prev by Date: bug#22311: 25.1.50; package.el misused (read-from-string) will potentially cause "elpa/archives/xxx/archive-contents" file malformed
Next by Date: bug#31986: Crash on large email
Previous by thread: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Next by thread: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Index(es):
- Date
- Thread