Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS
Yoav Nir <ynir@checkpoint.com> Fri, 22 March 2013 06:06 UTC
From: Yoav Nir <ynir@checkpoint.com>
To: "<mrex@sap.com>" <mrex@sap.com>
Date: Fri, 22 Mar 2013 06:06:44 +0000
Message-ID: <D773D844-B169-4A10-A9C2-A038EA74FEDF@checkpoint.com>
References: <20130322052312.1ADD51A65B@ld9781.wdf.sap.corp>
In-Reply-To: <20130322052312.1ADD51A65B@ld9781.wdf.sap.corp>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "tls@ietf.org" <tls@ietf.org>, Adam Langley <agl@google.com>
Subject: Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
On Mar 22, 2013, at 1:23 AM, Martin Rex <mrex@sap.com> wrote:

> Adam Langley wrote:
>> On Thu, Mar 21, 2013 at 8:09 AM, Yoav Nir <ynir@checkpoint.com> wrote:
>>>
>>> Actually, we turned on TLS 1.2 by default for the speed advantage.
>>> iOS begins a TLS handshake with version 1.2, both in ClientHello
>>> and in the record layer. Only when the (shocked and flabbergasted)
>>> server closes the connection, does the iPhone try with something
>>> more sane like 1.0, and then even caches this for a short while.
>
> Are you sure?
>
> It would clearly be stupid behaviour on part of iPhone to send an
> initial ClientHello with { 0x03, 0x03 } at the record layer.

It would be, and it was. This was long ago, so it may have been fixed in iOS 6.

>
> It should be sending this version in ClientHello.client_version alone.
>
>>
>> But you don't need to switch on TLS 1.2 to fix this, right? The server
>> just needs to implement version negotiation correctly.
>
> The servers typically implement it correctly. If iPhone is willing
> to talk a protocol version < TLSv1.2, then using TLSv1.2 on the
> Record Layer on the first ClientHello is a stupid bug.
>
> Only(!!) TLSv1.2 servers will ignore the record layer PDU version
> on the initial ClientHello (but for them this is currently entirely
> irrelevant, since there is no TLSv1.3 and no borked TLSv1.3 clients
> that tag PDUs incorrectly).
>
>
> -Martin
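The failure mode the thread describes, as an added example that is not code from any of the participants: a minimal parser for the first TLS record and its ClientHello, plus two server-side negotiation policies. The strict one inspects the record-layer version before reading ClientHello.client_version and drops a {3,3}-tagged record even though it could have negotiated TLS 1.1, which is the "shocked and flabbergasted server" behaviour; the lenient one follows RFC 5246 Appendix E.1, which says a server MUST accept any {3,XX} record-layer version on the initial ClientHello, and negotiates from client_version. The server's supported range (TLS 1.0 to 1.1, `SERVER_MAX`), the single cipher suite and the all-zero random are assumptions chosen for the illustration, and the ClientHello bytes are hand-built rather than captured from an iOS device.

```python
"""
Added example: TLS record / ClientHello version handling on the server side.
SERVER_MAX, the cipher suite and the zeroed random are assumptions; the
ClientHello bytes are constructed inline, not a captured handshake.
"""
import struct

HANDSHAKE = 0x16      # ContentType.handshake
CLIENT_HELLO = 0x01   # HandshakeType.client_hello

TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)

# Assumption for the example: this server implements TLS 1.0 and 1.1 only.
SERVER_MAX = TLS11


def build_client_hello(record_version, client_version):
    """Build one TLS record carrying a minimal ClientHello.

    record_version goes into the 5-byte record header, client_version into
    ClientHello.client_version; the thread is about these two disagreeing.
    """
    random = b"\x00" * 32                 # constructed, deliberately not random
    session_id = b"\x00"                  # zero-length session id
    cipher_suites = b"\x00\x02\x00\x2f"   # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    compression = b"\x01\x00"             # null compression only
    body = bytes(client_version) + random + session_id + cipher_suites + compression
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    header = bytes([HANDSHAKE]) + bytes(record_version) + struct.pack("!H", len(handshake))
    return header + handshake


def parse_first_record(data):
    """Return (record_version, client_version) from an initial ClientHello record."""
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, rmaj, rmin, length = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    htype = payload[0]
    hlen = int.from_bytes(payload[1:4], "big")
    if htype != CLIENT_HELLO or len(payload) - 4 != hlen:
        raise ValueError("not a ClientHello")
    return (rmaj, rmin), (payload[4], payload[5])


def negotiate_strict(data, server_max=SERVER_MAX):
    """Buggy policy: reject the connection when the record-layer version is
    above what the server speaks, before looking at client_version. This is
    the server that closes on an iOS-style {3,3}-tagged first record."""
    record_version, client_version = parse_first_record(data)
    if record_version > server_max:
        return None                       # server closes the connection
    return min(client_version, server_max)


def negotiate_lenient(data, server_max=SERVER_MAX):
    """RFC 5246 Appendix E.1 policy: on the initial ClientHello accept any
    record-layer version {3,XX} and negotiate from client_version alone."""
    record_version, client_version = parse_first_record(data)
    if record_version[0] != 3:
        return None                       # not an SSL3/TLS record at all
    if client_version < TLS10:
        return None                       # assumption: SSLv3 is not offered
    return min(client_version, server_max)


if __name__ == "__main__":
    ios_style = build_client_hello(TLS12, TLS12)   # {3,3} in both places
    sane = build_client_hello(TLS10, TLS12)        # {3,1} record, {3,3} client_version
    for name, rec in (("ios_style", ios_style), ("sane", sane)):
        print(name, "strict:", negotiate_strict(rec), "lenient:", negotiate_lenient(rec))
```

Both policies agree on the "sane" ClientHello; only the lenient one gets the {3,3}-tagged record to a negotiated TLS 1.1, which is why Martin's point that only TLS 1.2 servers ignore the record-layer version on the first ClientHello mattered for a pre-1.2 deployment.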
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] Salsa20 stream cipher in TLS Jon Callas
- Re: [Cfrg] Salsa20 stream cipher in TLS David McGrew (mcgrew)
- Re: [Cfrg] Salsa20 stream cipher in TLS Jon Callas
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Peter Gutmann
- Re: [Cfrg] Salsa20 stream cipher in TLS Peter Gutmann
- Re: [Cfrg] Salsa20 stream cipher in TLS Simon Josefsson
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Yoav Nir
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Yoav Nir
- Re: [Cfrg] [TLS] Salsa20 stream cipher in TLS Yoav Nir