Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS
Yoav Nir <ynir@checkpoint.com> Thu, 21 March 2013 20:26 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E70021F8C04; Thu, 21 Mar 2013 13:26:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.428
X-Spam-Level:
X-Spam-Status: No, score=-10.428 tagged_above=-999 required=5 tests=[AWL=0.171, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Ik3BoivcIYZ; Thu, 21 Mar 2013 13:26:43 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 81E5D21F8C00; Thu, 21 Mar 2013 13:26:39 -0700 (PDT)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r2LKQMrY013187; Thu, 21 Mar 2013 22:26:22 +0200
X-CheckPoint: {514B6BA7-0-1B221DC2-2FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.54]) by DAG-EX10.ad.checkpoint.com ([169.254.3.48]) with mapi id 14.02.0342.003; Thu, 21 Mar 2013 22:26:22 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Adam Langley <agl@google.com>
Thread-Topic: [TLS] [Cfrg] Salsa20 stream cipher in TLS
Thread-Index: Ac4l74bCPkc5tmAbHkmmrTIC4WvxcwALKVEAAABN74AAEQ1ygA==
Date: Thu, 21 Mar 2013 20:26:21 +0000
Message-ID: <FB439679-070A-4861-BC2E-119ABCEC6331@checkpoint.com>
References: <9A043F3CF02CD34C8E74AC1594475C7343D245C7@uxcn10-2.UoA.auckland.ac.nz> <B41639CC-CD95-4188-8843-B0DDAA298A01@checkpoint.com> <CAL9PXLxs82DeXPOAK4SbsEsrKXUi-26p-LyNZB2GkeLNwbqxVg@mail.gmail.com>
In-Reply-To: <CAL9PXLxs82DeXPOAK4SbsEsrKXUi-26p-LyNZB2GkeLNwbqxVg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.41]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3828286181568D44A23D649A5DADC6EB@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2013 20:26:43 -0000
On Mar 21, 2013, at 8:18 AM, Adam Langley <agl@google.com> wrote: > On Thu, Mar 21, 2013 at 8:09 AM, Yoav Nir <ynir@checkpoint.com> wrote: >> Actually, we turned on TLS 1.2 by default for the speed advantage. iOS begins a TLS handshake with version 1.2, both in ClientHello and in the record layer. Only when the (shocked and flabbergasted) server closes the connection, does the iPhone try with something more sane like 1.0, and then even caches this for a short while. > > But you don't need to switch on TLS 1.2 to fix this, right? The server > just needs to implement version negotiation correctly. We consider the record layer version to be the minimum version supported by the client, and the version in the ClientHello to be the maximum version supported by the client. Since both were 1.2, our code concludes that TLS 1.2 is the only supported version. We tried replying in TLS 1.0, and we got a TCP reset or an alert (I forget which). So without TLS 1.2 support, the first connection would always fail. In practice this wouldn't be a problem, because the phone would get the penalty once, and then cache the information that our server doesn't support 1.2. Still, we preferred to add support for TLS 1.2 (which I wanted to do anyway) > (On the flip side, this /is/ a problem for clients since the > incentives are aligned for clients to stop trying TLS 1.2 since they > can't (directly) fix the server.) > > > Cheers > > AGL > > Email secured by Check Point
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] Salsa20 stream cipher in TLS Jon Callas
- Re: [Cfrg] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Jon Callas
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Peter Gutmann
- Re: [Cfrg] Salsa20 stream cipher in TLS Peter Gutmann
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Yoav Nir
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Yoav Nir
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Yoav Nir