[Cryptography] Other obvious issues being ignored?

Jerry Leichter leichter at lrw.com
Tue Oct 20 05:40:59 EDT 2015


> - Because TLS sends the PKCS #3 form of the DH keys rather than the FIPS 186
>  form, you can't verify the parameters you're being sent.  Using the RFC
>  2409/3526 values makes parameter validation (via a memcmp()) functional, if
>  not exactly elegant.  When you generate your own parameters, you're breaking
>  the ability of the other side to verify your DH params.
If you step back a moment, all of these "verify the parameters the other guy gave you" issues require a rather funny threat analysis.  After all, even if all the parameters and everything in the protocol and the algorithms is perfect ... the whole point of the mechanism is to give the other guy access to the cleartext.  He can then promptly publish it to the world - because his machine has been infected with a virus that forwards all decrypted material, for example.  Nothing at all can protect you from that.

The only purpose I can see in checking the parameters handed to you is to help catch errors.  Of course, it would be much, much better if the *sending* code made those (self-)checks, as it can avoid exposing information:  By the time you've received the message, it's too late!
                                                        -- Jerry
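As an added illustration of the two forms the quoted message contrasts (this is not code from the thread or from any library mentioned in it; every parameter value is a tiny constructed number chosen only so the arithmetic is checkable by hand):

```python
# PKCS #3 carries (p, g) only; FIPS 186 carries (p, q, g), where q is the
# order of the subgroup generated by g.  With q in hand, a receiver can do
# more than a range check on what it is sent.  Constructed toy values:
P = 23   # safe prime, p = 2q + 1
Q = 11   # order of the subgroup generated by G
G = 4    # 4 has order 11 modulo 23

def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def check_fips186_params(p: int, q: int, g: int) -> list:
    """Return the list of problems found in (p, q, g); empty means OK."""
    problems = []
    if not is_prime(p):
        problems.append("p is not prime")
    if not is_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not 1 < g < p - 1:
        problems.append("g out of range")
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    return problems

def check_public_value(y: int, p: int, q: int = None) -> bool:
    """Receiver-side check of a peer's public value y.  Given only (p, g),
    the PKCS #3 form, a range check is all that is possible.  Given q as
    well, the FIPS 186 form, membership in the intended subgroup can be
    confirmed too."""
    if not 1 < y < p - 1:
        return False
    return q is None or pow(y, q, p) == 1

def sender_self_check(x: int, p: int, q: int, g: int):
    """The self-check the reply argues belongs on the sending side: validate
    the domain parameters and the public value before anything is sent.
    Returns the public value, or None if a check fails."""
    if check_fips186_params(p, q, g):
        return None
    y = pow(g, x, p)
    return y if check_public_value(y, p, q) else None
```

With the toy group, 5 passes the PKCS #3 range check but fails the FIPS 186 subgroup check, which is exactly the gap the quoted message describes.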


