IETF Logo Mail Archive

Re: [hybi] Insight you need to know: Browsers are at fault when servers crash

Maciej Stachowiak <mjs@apple.com> Mon, 26 July 2010 05:14 UTC

Return-Path: <mjs@apple.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B18903A69C2 for <hybi@core3.amsl.com>; Sun, 25 Jul 2010 22:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.382
X-Spam-Level:
X-Spam-Status: No, score=-106.382 tagged_above=-999 required=5 tests=[AWL=0.216, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id COr7kIb1-5pB for <hybi@core3.amsl.com>; Sun, 25 Jul 2010 22:14:53 -0700 (PDT)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by core3.amsl.com (Postfix) with ESMTP id 61ECF3A69B2 for <hybi@ietf.org>; Sun, 25 Jul 2010 22:14:53 -0700 (PDT)
Received: from relay16.apple.com (relay16.apple.com [17.128.113.55]) by mail-out4.apple.com (Postfix) with ESMTP id 67E38A54D551 for <hybi@ietf.org>; Sun, 25 Jul 2010 22:15:14 -0700 (PDT)
X-AuditID: 11807137-b7c08ae00000377a-40-4c4d19e29c41
Received: from et.apple.com (et.apple.com [17.151.62.12]) by relay16.apple.com (Apple SCV relay) with SMTP id 84.B9.14202.2E91D4C4; Sun, 25 Jul 2010 22:15:14 -0700 (PDT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_SsgkC6/9+mesxWQ1aGBlJA)"
Received: from [10.0.1.5] (c-69-181-42-237.hsd1.ca.comcast.net [69.181.42.237]) by et.apple.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPSA id <0L6500GJ0FXDCJ20@et.apple.com> for hybi@ietf.org; Sun, 25 Jul 2010 22:15:13 -0700 (PDT)
From: Maciej Stachowiak <mjs@apple.com>
In-reply-to: <AANLkTimRo_ubic96z3VgwexiOw0KJg10HQedmcuBs6jp@mail.gmail.com>
Date: Sun, 25 Jul 2010 22:15:12 -0700
Message-id: <FA3856A4-FF29-430E-8BE4-3049F1E33A03@apple.com>
References: <AANLkTilfxps1wWjFrwrH_3Js6Q9E331AMKFRNHfeHcdL@mail.gmail.com> <AANLkTi=vPAnnK0=gE=YN10vt9b-f6sWXXcwK+La5SriO@mail.gmail.com> <623C6D70-B4AF-49EC-BA07-6F90BD0FFFBF@apple.com> <AANLkTi=Q-PVrdaWuOu3H=wUiphe6JB4C+LauSOXKozoY@mail.gmail.com> <AANLkTi=Z-Zw3gJAdwQMAqG5UUVnV_kgsGm3M_qQ2Bwt7@mail.gmail.com> <8B47440C-7CFD-442F-94E3-96A8EBE7D25D@apple.com> <AANLkTimRo_ubic96z3VgwexiOw0KJg10HQedmcuBs6jp@mail.gmail.com>
To: John Tamplin <jat@google.com>
X-Mailer: Apple Mail (2.1081)
X-Brightmail-Tracker: AAAAAQAAAZE=
Cc: hybi@ietf.org
Subject: Re: [hybi] Insight you need to know: Browsers are at fault when servers crash
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2010 05:14:57 -0000

On Jul 25, 2010, at 10:12 PM, John Tamplin wrote:

> On Mon, Jul 26, 2010 at 1:03 AM, Maciej Stachowiak <mjs@apple.com> wrote:
> I think the idea here would be to use encryption solely to prevent the attacker from predicting either input or output bytes - in effect to scramble the bits, rather than to provide confidentiality.
> 
> Ineffective encryption doesn't really pose a barrier to producing plain text to produce a desired cipher text.  Maybe if the key can't be controlled by the attacker and varies on each packet, but it still seems like you are playing with fire to say you don't have to use a secure encryption method to prevent this.

Let's see the details of Adam's idea before we discuss further.

Regards,
Maciej

v2.23.0 | Report a Bug | By Email