Re: [TLS] Collisions (Re: Consensus Call: FNV vs SHA1)
Stefan Santesson <stefan@aaa-sec.com> Mon, 10 May 2010 22:52 UTC
Return-Path: <stefan@aaa-sec.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B005B3A6A92 for <tls@core3.amsl.com>; Mon, 10 May 2010 15:52:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.52
X-Spam-Level:
X-Spam-Status: No, score=-2.52 tagged_above=-999 required=5 tests=[AWL=0.729, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sOLoKnjqktTJ for <tls@core3.amsl.com>; Mon, 10 May 2010 15:52:20 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.94.112]) by core3.amsl.com (Postfix) with ESMTP id 891EF3A695F for <tls@ietf.org>; Mon, 10 May 2010 15:51:58 -0700 (PDT)
Received: from s42.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se (Postfix) with ESMTP id 56BF528CA6F for <tls@ietf.org>; Tue, 11 May 2010 00:51:55 +0200 (CEST)
Received: (qmail 43245 invoked from network); 10 May 2010 22:51:46 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.16]) (stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>) by s42.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <simon@josefsson.org>; 10 May 2010 22:51:46 -0000
User-Agent: Microsoft-Entourage/12.24.0.100205
Date: Tue, 11 May 2010 00:51:44 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: Simon Josefsson <simon@josefsson.org>, Nicolas Williams <Nicolas.Williams@oracle.com>
Message-ID: <C80E5AA0.AB38%stefan@aaa-sec.com>
Thread-Topic: [TLS] Collisions (Re: Consensus Call: FNV vs SHA1)
Thread-Index: Acrwk1y5OlnF4kMyZk6FdjhbkjPMjA==
In-Reply-To: <87bpcn4cy6.fsf@mocca.josefsson.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Collisions (Re: Consensus Call: FNV vs SHA1)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2010 22:52:20 -0000
On 10-05-11 12:19 AM, "Simon Josefsson" <simon@josefsson.org> wrote: > (different from what the real server would send), fail the > handshake, and let the client re-try against the real server, and the > client would then use the wrong cached information. And.... ? I don't mean to be rude, I just want you to complete the threat scenario. In what way may this serve the attacker? In what way may this cause serious harm to the victim? If the client is fooled to cache the wrong server certificate, key establishment will fail. If the client is fooled to believe in a false set of acceptable CA names, then the client may fail to find an acceptable client certificate to use. Both will cause the handshake to fail (and cause next attempt to be without caching). /Stefan
- Re: [TLS] Wrapping up cached info Blumenthal, Uri - 0668 - MITLL
- [TLS] Consensus Call: FNV vs SHA1 Joseph Salowey (jsalowey)
- Re: [TLS] Consensus Call: FNV vs SHA1 Simon Josefsson
- Re: [TLS] Consensus Call: FNV vs SHA1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Consensus Call: FNV vs SHA1 Adam Langley
- Re: [TLS] Consensus Call: FNV vs SHA1 Marsh Ray
- Re: [TLS] Consensus Call: FNV vs SHA1 Robert Dugal
- Re: [TLS] Consensus Call: FNV vs SHA1 Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Martin Rex
- Re: [TLS] Consensus Call: FNV vs SHA1 Jeffrey A. Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Paul Hoffman
- [TLS] Collisions (Re: Consensus Call: FNV vs SHA1) Nicolas Williams
- [TLS] Nico's suggestions - Re: Consensus Call: FN… Stefan Santesson
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Blumenthal, Uri - 0668 - MITLL
- [TLS] Collisions (Re: Nico's suggestions - Re: Co… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Simon Josefsson
- [TLS] Collisions (Re: Consensus Call: FNV vs SHA1) Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Simon Josefsson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Hovav Shacham
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Simon Josefsson
- Re: [TLS] Consensus Call: FNV vs SHA1 Yoav Nir
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Martin Rex
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Consensus Call: FNV vs SHA1 Simon Josefsson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Michael D'Errico
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Martin Rex
- Re: [TLS] Consensus Call: FNV vs SHA1 Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Consensus Call: FNV vs SHA1 Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] Consensus Call: FNV vs SHA1 Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Martin Rex
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Kemp, David P.
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Nicolas Williams
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Nic… Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Nicolas Williams
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Nic… Marsh Ray
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Con… Kemp, David P.
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Stefan Santesson
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Con… Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Stefan Santesson
- Re: [TLS] Collisions (Re: Consensus Call: FNV vs … Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Simon Josefsson
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Brian Smith
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Simon Josefsson
- Re: [TLS] Justification Adam Langley
- Re: [TLS] Justification Brian Smith
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Adam Langley
- Re: [TLS] Justification Marsh Ray
- Re: [TLS] Justification Brian Smith
- Re: [TLS] [POSSIBLE SPAM] Re: Collisions (Re: Con… Kemp, David P.
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Adam Langley
- [TLS] Use HTTP (Re: Justification) Nicolas Williams
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Yoav Nir
- Re: [TLS] Justification Michael D'Errico
- Re: [TLS] Justification Martin Rex
- Re: [TLS] Justification Marsh Ray
- Re: [TLS] Justification Stefan Santesson
- Re: [TLS] Justification Martin Rex
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Yoav Nir
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Stefan Santesson
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Collisions (Re: Nico's suggestions - Re… Marsh Ray
- Re: [TLS] Justification Dean Anderson
- [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Simon Josefsson
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Justification Stefan Santesson
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Justification Nicolas Williams
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Ben Laurie
- Re: [TLS] Wrapping up cached info Yoav Nir
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Ben Laurie
- Re: [TLS] Wrapping up cached info Martin Rex
- [TLS] Possible alternative to current cached info… Michael D'Errico
- Re: [TLS] Wrapping up cached info (and PRF WTF) Kemp, David P.
- Re: [TLS] Wrapping up cached info (and PRF WTF) Martin Rex
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info (and PRF WTF) Nicolas Williams
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Michael D'Errico
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Joseph Salowey (jsalowey)
- Re: [TLS] Wrapping up cached info Marsh Ray
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Michael D'Errico
- Re: [TLS] Wrapping up cached info Michael D'Errico
- Re: [TLS] Wrapping up cached info Kemp, David P.
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Ben Laurie
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Martin Rex
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Nicolas Williams
- Re: [TLS] Wrapping up cached info Stefan Santesson
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Brian Smith
- Re: [TLS] Wrapping up cached info Nicolas Williams