Your message dated Sun, 09 Oct 2016 16:39:33 +0000
with message-id <[email protected]>
and subject line Bug#839978: fixed in exim4 4.88~RC2-1
has caused the Debian Bug report #839978,
regarding exim4: Potential backdoor'ed D-H groups in use by Exim4?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
839978: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839978
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: exim4
Severity: important
From a recent discussion on IETF's Security Area Advisory Group:
Date: Thu, 6 Oct 2016 08:56:45 -0700
From: Watson Ladd <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [saag] Possible backdoor in RFC 5114
https://tools.ietf.org/html/rfc5114
Let's review some publicly known facts:
1) BBN is a defense contractor
2) The NSA subverts crypto standards
3) It is possible to design primes so the discrete log problem is easy
4) The primes in RFC 5114 are not generated in verifiable manner: it
is possible they are hidden SNFS primes.
At minimum we should obsolete RFC 5114 in favor of primes generated in
a verifiable manner. The fact that there already were primes for IKE
use makes me wonder why this was even needed in the first place.
-------------------------------------
Date: Thu, 6 Oct 2016 17:15:29 +0000
From: Viktor Dukhovni <[email protected]>
To: [email protected]
Subject: Re: [saag] Possible backdoor in RFC 5114
On Thu, Oct 06, 2016 at 07:28:57PM +0300, Yoav Nir wrote:
> > At minimum we should obsolete RFC 5114 in favor of primes generated in
> > a verifiable manner. The fact that there already were primes for IKE
> > use makes me wonder why this was even needed in the first place.
> >
>
> RFC 5114 is an Informational document published by two employees (at the
> time) of BBN as individuals. As the boilerplate says, "it does not specify
> an Internet standard of any kind".
>
> IANA numbers have been assigned to them for IKE, but they have not seen
> widespread use. In TLS they are all but unknown, and recent work is
> deprecating the use of DHE with explicit parameters anyway.
Sadly, their use was facilitated by support for these groups being
added in OpenSSL 1.0.2, making it easier for users to stumble into
using them. Thus, for example, these are in use in Exim, likely
because it seemed more convenient to use "standard" groups, than
to ask users to generate their own DH parameters, and "they're in
an RFC, so they must be better than just random...".
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html#SECTalomo
[ scroll down to the entry for tls_dhparams ]
If Exim is using OpenSSL and this option is empty or unset,
then Exim will load a default DH prime; the default is the 2048
bit prime described in section 2.2 of RFC 5114, "2048-bit MODP
Group with 224-bit Prime Order Subgroup", which in IKE is
assigned number 23.
Otherwise, the option must expand to the name used by Exim for
any of a number of DH primes specified in RFC 2409, RFC 3526
and RFC 5114. As names, Exim uses "ike" followed by the number
used by IKE, or "default" which corresponds to "ike23".
The available primes are: ike1, ike2, ike5, ike14, ike15, ike16,
ike17, ike18, ike22, ike23 (aka default) and ike24.
Fortunately for some, the Postfix compiled-in default DHE parameters
use SG primes (that I generated in the usual way), but users are
encouraged to use their own.
http://www.postfix.org/FORWARD_SECRECY_README.html
----------------------------
Please consider disabling the Diffie-Hellman primes specified in RFC
5114 in Exim.
Thanks!!
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable'), (500, 'unstable-debug'),
(500, 'testing-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.8.0-00041-gecd2f69 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
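Added example (not part of the bug report, the saag thread, or Exim itself): a small configuration audit for the case the report describes, an OpenSSL-linked Exim whose tls_dhparam is unset, "default", or names one of the RFC 5114 groups. The sample configurations and the file path in them are constructed, and the caller is assumed to know whether the build predates the changed default recorded in the 4.88~RC2-1 changelog.

```python
import re

RFC5114 = {"ike22", "ike23", "ike24"}          # groups taken from RFC 5114
OLDER_IKE = {"ike1", "ike2", "ike5", "ike14", "ike15", "ike16", "ike17", "ike18"}

def main_options(config_text):
    """Yield (name, value) pairs from the main section of an Exim config."""
    pending = ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):                 # continuation line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if re.match(r"begin\s+\w+", line):      # main section ends here
            return
        m = re.match(r"([a-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            yield m.group(1), m.group(2).strip()

def audit_dhparam(config_text, unset_means_ike23=True):
    """Return (effective_value, verdict) for an OpenSSL-linked Exim.
    unset_means_ike23: caller's assumption that the old default applies."""
    value = ""
    for name, val in main_options(config_text):
        if name == "tls_dhparam":
            value = val                         # keep the last assignment seen
    if value in ("", "default"):
        if unset_means_ike23:
            return "ike23", "rfc5114"
        return "default", "exim-specific"
    if "$" in value:
        return value, "needs-expansion"         # resolve against the live config
    if value.startswith("/"):
        return value, "file"                    # parameters loaded from a file
    if value in RFC5114:
        return value, "rfc5114"
    if value in OLDER_IKE:
        return value, "rfc2409-or-rfc3526"
    return value, "other"

# Constructed sample configurations, not taken from any real host.
SAMPLE_UNSET = "tls_advertise_hosts = *\nbegin acl\ntls_dhparam = ike24\n"
SAMPLE_IKE22 = "# tls_dhparam = ike14\ntls_dhparam = \\\n  ike22\n"
SAMPLE_FILE = "tls_dhparam = /etc/exim4/dhparam.pem\n"
```

A verdict of "rfc5114" marks the configurations the report asks to move away from; "needs-expansion" means the value contains a string expansion and has to be checked against the running configuration instead.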
--- Begin Message ---
Source: exim4
Source-Version: 4.88~RC2-1
We believe that the bug you reported is fixed in the latest version of
exim4, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated exim4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 09 Oct 2016 17:37:08 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy
eximon4 exim4-dbg exim4-daemon-light-dbg exim4-daemon-heavy-dbg exim4-dev
Architecture: source
Version: 4.88~RC2-1
Distribution: experimental
Urgency: low
Maintainer: Exim4 Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 839978
Description:
exim4-base - support files for all Exim MTA (v4) packages
exim4-config - configuration for the Exim MTA (v4)
exim4-daemon-heavy-dbg - debugging symbols for the Exim MTA "heavy" daemon
exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including
exiscan-ac
exim4-daemon-light-dbg - debugging symbols for the Exim MTA "light" daemon
exim4-daemon-light - lightweight Exim MTA (v4) daemon
exim4-dbg - debugging symbols for the Exim MTA (utilities)
exim4-dev - header files for the Exim MTA (v4) packages
exim4 - metapackage to ease Exim MTA (v4) installation
eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Changes:
exim4 (4.88~RC2-1) experimental; urgency=low
.
* New upstream version.
+ Changed default Diffie-Hellman parameters to be Exim-specific, created
by Phil Pennock. Added RFC7919 DH primes as an alternative.
Closes: #839978
* Set tls_dhparam = historic to use site-specific DH parameters.
* Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
-daemon postinst.
* Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
by running certtool or by installing
/usr/share/exim4/gnutls-params-2048. Do not try to use
openssl dhparam, it takes too long.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---