IETF Logo Mail Archive

Re: [TLS] Comments on TLS identity protection

<home_pw@msn.com> Sat, 30 December 2006 05:15 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0WZR-0004Yt-IV; Sat, 30 Dec 2006 00:15:49 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0WZQ-0004Yk-1M for tls@ietf.org; Sat, 30 Dec 2006 00:15:48 -0500
Received: from bay0-omc1-s27.bay0.hotmail.com ([65.54.246.99]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H0WZO-0003qV-GA for tls@ietf.org; Sat, 30 Dec 2006 00:15:48 -0500
Received: from hotmail.com ([65.54.174.76]) by bay0-omc1-s27.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 29 Dec 2006 21:15:45 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 29 Dec 2006 21:15:45 -0800
Message-ID: <BAY103-DAV4BEA68112CED973F39D9592C50@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV4.phx.gbl with DAV; Sat, 30 Dec 2006 05:15:43 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: EKR <ekr@networkresonance.com>
References: <20061229215440.25C961CC37@delta.rtfm.com>
Subject: Re: [TLS] Comments on TLS identity protection
Date: Fri, 29 Dec 2006 21:15:56 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 30 Dec 2006 05:15:45.0913 (UTC) FILETIME=[8F816690:01C72BD1]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: d8ae4fd88fcaf47c1a71c804d04f413d
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

>
>> In SSLv3 one can choose to changeCipherSuite to a null encryption and
>> null mac state, and merely use the fragmentation, sequencing and 
>> reassembly
>> functions of the SSL protocol machine.
>
> The what? SSL offers no capabilities here that are not offered
> by the reliable transport it must ride on top of.

Your missing my point.

Im not putting SSL record layer over TCP.... My SSL application is not 
https, it is
itself an SSL Connection, sending record_layer records data over... 
record_types of
an currently active (underlying) TLS Connection.

Like Ldap and HTTP1.1 update an TCP session to turn TLS Connection's on and 
off
for certain TCP fragments, I do the same with my outer SSL connection. When 
my upper layer
(inner SSL connection) sends a certain custom record_type into the stream, 
this is
recognized by the outer SSL Connection which does a certain class and type 
of handshake...

I'm doing nothing here that TLS Evidence is not suggesting (albeit by 
abusing alerts!)


Hopefully, I can read the 2nd half of your TLS/SSL book tomorrow, focusing 
on the
engineering discussion, rather than the protocol discussion.

>> (Nothing in SSLv3 states how the
>> seq_num is calculated , note. It can be simple or fancy (provided it 
>> starts
>> at zero, when the connection state is initialized or assigned).)
>
> I don't have the v3 spec in front of me, but if that's true, it's
> a bug in the spec, IMO.


Perhaps!

"Each party maintains separate sequence numbers for transmitted and received 
messages for each connection. When a party sends or receives a change cipher 
spec message, the appropriate sequence number is set to zero. Sequence 
numbers are of type uint64 and may not exceed 264-1. "

For TLS1.0, one may assume that increment means uint64++ (which seems 
reasonable, when writing a
conformance/value/state checker)

    "Sequence numbers are of type uint64 and may not
       exceed 2^64-1. A sequence number is incremented after each
       record: specifically, the first record which is transmitted under
       a particular connection state should use sequence number 0."

I think SSLv3 is clearer than TLS, concerning when sequence number is set to 
zero. FOr SSL3,
its changedfor any variant of the change cipher spec message. For TLS, its
the :first: message under "a particular connection state". If TLS Evidence
changes the notion of Connection state (which it seems to do, being an
extension of connection state machine), we now now have alerts setting 
seq_num=0.
They jury is only going to ask what went before .... if the seq_num for
the audited handshake starts at 9225.

Hmm.


> -Ekr
> 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email