Re: [TLS] TLS1.3

Eric Rescorla <ekr@rtfm.com> Thu, 07 February 2013 12:57 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 07 Feb 2013 04:56:26 -0800
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Cc: "Lewis, Nick" <nick.lewis@usa.g4s.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS1.3
Message-ID: <CABcZeBMq2Q63qjZX2sSPO2f79khrKaSmXoEy691D2YTB3xCbCw@mail.gmail.com>
In-Reply-To: <CAJU7zaJzLdf9Ty21uKQ8-GYOoHUFafVDFz7j49jzg5PpZThFcg@mail.gmail.com>
References: <AAE0766F5AF36B46BAB7E0EFB9273206194A67DCD0@GBTWK10E001.Technology.local> <CAJU7zaJzLdf9Ty21uKQ8-GYOoHUFafVDFz7j49jzg5PpZThFcg@mail.gmail.com>

There's not really any need to do a TLS 1.3 for this. TLS 1.2 includes
support for AEAD ciphers, so all that would be needed is to define
an Encrypt-Then-Mac AEAD cipher and it will drop into TLS 1.2.

Best,
-Ekr


On Thu, Feb 7, 2013 at 1:47 AM, Nikos Mavrogiannopoulos <nmav@gnutls.org> wrote:

> On Thu, Feb 7, 2013 at 9:43 AM, Lewis, Nick <nick.lewis@usa.g4s.com> wrote:
> > With confidence in the TLS being undermined once again as a result of
> > problems with its MAC-Pad-Encrypt mechanism, are there any plans to adopt
> > an alternative mechanism such as Pad-MAC-Encrypt in TLS1.3?
>
> Indeed that would be useful. The current padding mechanism required
> 1-2 pages of code to solve the known issues and that may not even be
> sufficient, and have yet another attack next year.
>
> For that, in gnutls we have already implemented an extension to
> include the pad into the MAC'd data and avoid any padding oracle
> attacks. The extension defines a new padding mechanism for all
> ciphersuites (with the purpose of length hiding - Alfredo may add more
> information on that), that has the side effect of fixing the known TLS
> padding issues.
>
> The extension is described at:
> http://tools.ietf.org/html/draft-pironti-tls-length-hiding-00
>
> regards,
> Nikos
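The difference the thread turns on, shown as an added example (not ekr's, gnutls's or the length-hiding draft's code): a TLS-style MAC-then-pad-then-encrypt CBC record beside an Encrypt-then-MAC one, both over AES-CBC and HMAC-SHA256 from the Go standard library. Keys, IV and the padding encoding are constructed for the demo, and the record header and sequence number that TLS also feeds into the MAC are omitted. Under MtE the receiver must decide about padding on unauthenticated plaintext before it can check the MAC, so its verdict depends on which byte was corrupted; under EtM the tag is verified first and every corruption yields the same answer.

```go
package main

import ("bytes"; "crypto/aes"; "crypto/cipher"; "crypto/hmac"; "crypto/sha256"; "errors")

// Constructed demo keys and IV (a real session derives fresh ones per direction).
var encKey, macKey, iv = bytes.Repeat([]byte{1}, 16), bytes.Repeat([]byte{2}, 32), bytes.Repeat([]byte{3}, 16)
var ErrBadPadding, ErrBadMAC = errors.New("bad padding"), errors.New("bad MAC")

func tag(d []byte) []byte { h := hmac.New(sha256.New, macKey); h.Write(d); return h.Sum(nil) }

func cbc(d []byte, enc bool) []byte { // AES-CBC over block-aligned input
	blk, _ := aes.NewCipher(encKey)
	out := make([]byte, len(d))
	if enc { cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, d) } else { cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, d) }
	return out
}

// TLS-style padding: n+1 bytes, each holding the value n; unpad rejects anything else.
func pad(d []byte) []byte { n := 16 - len(d)%16; return append(d, bytes.Repeat([]byte{byte(n - 1)}, n)...) }
func unpad(d []byte) ([]byte, error) {
	n := int(d[len(d)-1]) + 1
	if n > len(d) { return nil, ErrBadPadding }
	for _, b := range d[len(d)-n:] { if int(b) != n-1 { return nil, ErrBadPadding } }
	return d[:len(d)-n], nil
}

// MAC-then-pad-then-encrypt, the TLS 1.0-1.2 CBC record layout (header/sequence number omitted).
func sealMtE(pt []byte) []byte { return cbc(pad(append(pt, tag(pt)...)), true) }
func openMtE(ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%16 != 0 { return nil, ErrBadPadding }
	d, err := unpad(cbc(ct, false)) // verdict on unauthenticated plaintext, reported before the MAC runs
	if err != nil { return nil, err }
	if len(d) < 32 || !hmac.Equal(d[len(d)-32:], tag(d[:len(d)-32])) { return nil, ErrBadMAC }
	return d[:len(d)-32], nil
}

// Encrypt-then-MAC: the tag covers the ciphertext, so it is verified first and the
// padding check only ever runs on authenticated data.
func sealEtM(pt []byte) []byte { ct := cbc(pad(pt), true); return append(ct, tag(ct)...) }
func openEtM(rec []byte) ([]byte, error) {
	if len(rec) < 48 || len(rec)%16 != 0 || !hmac.Equal(rec[len(rec)-32:], tag(rec[:len(rec)-32])) { return nil, ErrBadMAC }
	return unpad(cbc(rec[:len(rec)-32], false))
}

// receiverError corrupts byte i of a record (a constructed fault) and returns the receiver's
// verdict: under MtE it depends on which byte was hit, under EtM it is always ErrBadMAC.
func receiverError(open func([]byte) ([]byte, error), rec []byte, i int) error {
	t := append([]byte(nil), rec...)
	t[i] ^= 0xff
	_, err := open(t)
	return err
}
```

The distinguishable MtE verdicts are exactly what the "1-2 pages of code" Nikos mentions try to hide by making the MtE receiver constant-time; EtM and AEAD remove the branch instead of masking it.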