Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

Watson Ladd <watsonbladd@gmail.com> Thu, 14 December 2017 22:59 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A877127005 for <tls@ietfa.amsl.com>; Thu, 14 Dec 2017 14:59:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gHPr0uDSEC_N for <tls@ietfa.amsl.com>; Thu, 14 Dec 2017 14:59:01 -0800 (PST)
Received: from mail-vk0-x243.google.com (mail-vk0-x243.google.com [IPv6:2607:f8b0:400c:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 875971205F0 for <tls@ietf.org>; Thu, 14 Dec 2017 14:59:01 -0800 (PST)
Received: by mail-vk0-x243.google.com with SMTP id g69so1266454vkg.0 for <tls@ietf.org>; Thu, 14 Dec 2017 14:59:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eB3dXO3QEDvUH2apXtpbNpvjEY81MonOUFkV0WhkVps=; b=jeLhMhFI949xQMBuKdewRTjJL7d8q6ANM6vk4h5v7dYMumqH9P2q6sH7IZTXKMBl6G vusXGjKVF7dH2/tDhWkV4xBNzI1yBAmoCtOZu9nXHpqVTucbgp8NclXD4tmJ/WFxEBU4 O7feasFtjuqeAQ+cCl5Bqatalt8BGiDKutqxwCEjfTTqrsvaQdMFL50uQ7dBGPTkr38g RbIPy435Uo6LPBIKbN6YgXo2ZDnMdkG4lonGZiAqP5CSBJNJLdDZeFiukb7Q6eWKxsIF XvHfY+wuuZWJWpDETDG38GT1RBH4fK+KIbhevZYvX9TQYsD1uaE+Uhp+DhEldXmK8Wp9 nPBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eB3dXO3QEDvUH2apXtpbNpvjEY81MonOUFkV0WhkVps=; b=rWhoYZZ7WEs5L8arPJOW3R+uFKmAtt7K/GWd28a0+BO4tz2HdVOcpTulw3DN1uFYIZ A5U/Bei+h4h2rImv56SPv/88oj8IxCWJjnE549yORl2Fsgp9jvWCMJIF8LIPs+9rOvqQ 6qriIvZsEzMZnKblrREsASNUwU0NH5rmLk/tzbCPZgAH//Kd19HMUKHP73AnN43IOaqp 6AagE0YX6y3j6T+TVCRokCEx5Mu0FjlJD07rMtl75u3FQ0yzuN00r1xDDEEisBBOYz9I o4mUusYUYOQFgjcwXMF3OxfGOYwpHYi6Bjyj0NWel6D3k9e4DLTw1MWQ3pHVLtaZMqoW BfeQ==
X-Gm-Message-State: AKGB3mIQ9EkNZM4uF12MTFHjpJnE02D/qsKsfArsWRQRrdaRz4er3Nua 57q1gdBE0n7q13bK4Gp++EFa1Ir882h5bv08rTyh2g==
X-Google-Smtp-Source: ACJfBotV9jW+NcyZNZr1OjauhCbRJwxWt3XSoWpd7RlayITmcAjp8SSz+xZhkknoAwel/R2U49PehgYtBDiIh67bNUs=
X-Received: by 10.31.135.197 with SMTP id j188mr12194296vkd.34.1513292340395; Thu, 14 Dec 2017 14:59:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.41.164 with HTTP; Thu, 14 Dec 2017 14:58:59 -0800 (PST)
In-Reply-To: <CAAF6GDeeo2xjv1Xu7SFXVZ_zM=XUVJHT=eqH4_-G3+4UHsfvgg@mail.gmail.com>
References: <CAAF6GDeeo2xjv1Xu7SFXVZ_zM=XUVJHT=eqH4_-G3+4UHsfvgg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 14 Dec 2017 14:58:59 -0800
Message-ID: <CACsn0cmMbbT1iAfmxnXHe00dNiqBMyoNkk7e2CyTKWrcdRTtcQ@mail.gmail.com>
To: =?UTF-8?Q?Colm_MacC=C3=A1rthaigh?= <colm@allcosts.net>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0MKXILKDdkmukQxk_qQl2EDhyRI>
Subject: Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2017 22:59:11 -0000

Let's not forget defense 0: migrating away from broken algorithms
(which means turning them off). The fact that we didn't switch MTI
away from RSA encryption in TLS 1.1 after these attacks were
disclosed, or even in TLS 1.2, means that we've got a very long time
before some sites can turn off these algorithms. Given that some
places can't turn off SSL v3, it's not clear we can ever turn off a
widely implemented protocol.

Sincerely,
Watson Ladd