Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx

[Alyssa Rowan <akr%akr.io@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 13 March 2014 04:50:32 GMT+00:00, Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> wrote:

>The alternative that's currently used on way too many
>devices
>is for them to have a pre-generated generic cert with incorrect ID
>information
>with the private key shared across all devices.

Can we perhaps make that a SHOULD NOT (or even a MUST NOT), if it somehow isn't already? It's way too common in the wild, and it really is next to useless practice from the same kind of wilful carelessness that brought the world so many default/engineering/field service passwords/backdoors.

The related, but more unwitting, case of devices (often embedded) with bad RNGs which don't collect enough entropy on warmup generating keys on startup which turn out to be one of a globally limited set  of practically-enumerable keys is also one for implementers and testers to watch out for, and is also actively seen and exploited in the wild: I think we should have strong advice about that as it's a depressingly common pitfall.

- --
/akr
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.9

iQI3BAEBCgAhBQJTIbEGGhxBbHlzc2EgUm93YW4gPGFrckBha3IuaW8+AAoJEOyE
jtkWi2t6QosP/i0xem6cxWoaPbO0OWmsKa05Y9VudKvl8nBW8+xLxNo6SPq1rLaI
+y+A/PpYHWBDKUoQHp0KRr23mAcjq175zYSKE4DBciRSjmZ/HGgedoElKYcvF8mr
erB8ruUKqdeFn5Y0niUTdyu7I0btxsjnGEkiqjxUp3Nvj+6Z66dQ45hNU86QUP5h
P8TgHfY1KlOU20FnVnHgiZD97upaBG9uWTwVYnw6mQFu/AEXwASR6U0BT0VrF+j6
wHKPxZhKHa5IhPwRIka0CDXGKLFdxDdF0uLUQ6leEazznWx164itBRwWJOKr3FB4
xQEqtMVJeQen+nAYQwA4qHsKoG/p+s13SKCWcYiLd6FDzasRY215b0ArtmrDi5Kh
nPu6WeZaadi6bLw31b8KXChennTYe+B+1mLatjAyFVeQ5hZI3dcXkZlX1gB35KrO
Q6zIsoVRQqovmyfuhIOg7XDUc7FENWyCyCRBEPNI7Vzyw24oMNA6lmBBodbAPg9Q
9IqiVEjXdvreWT6f7ppy5Ns3F+2Vb/RLPhyl79u3NgfRIDQVZYz7DTqLmsTADubs
LJop+2iVMDUD6o+14GKqmYgw/Sf/t2uWBsiIEib2LPZ5ebeso0BldcsCmTt0Fbja
CmPGgWgKIjfQzJlA9ijq5rC0+xji9iYDg2d1+uSGdRX2RbPr0qmgmUcP
=/9kY
-----END PGP SIGNATURE-----