Re: [TLS] Truncated HMAC: what to do with the MAC key?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 08 July 2017 04:38 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDBB9128854 for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 21:38:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Level:
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AnDkbxitD8T4 for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 21:38:25 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz [130.216.125.248]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0ADEB126B72 for <tls@ietf.org>; Fri, 7 Jul 2017 21:38:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1499488705; x=1531024705; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=mvHpeE+aF8CWLBWp31vOFd0ZWrLhLTjoEjrULSmsDw0=; b=zY0MYDmTzyxgVgS9zuJl5A3rudtQ0uYF4YpgqNaLtZGtVPzMaQYk+3FL XhJWvvegaPifnuaQLKpp1E7UGB0GzMhWlTXToPWtnsdhq7xgebduHijXw TuriM3pHYajnqyN7Y82jhmpKDCoE1kemGVf7zBmhBnDPmXf1J49CKsAaK AhIKv34QOjG7uE7Yb4G+lt47QDhLzPBJJnomqSD4EzR1l0eT7W2SpwdO/ z+NE3djMX1ulXz9pr4CA589BMJvl7FEYC/0abl5gPX+zlbNU9AU6PN2Hd ecxvrZ3O6x75V1mBBkK0Lhd6h8CfQJw2QdZrD0SLwEt76Sdqz913NFmBT A==;
X-IronPort-AV: E=Sophos;i="5.40,326,1496059200"; d="scan'208";a="163881733"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.4 - Outgoing - Outgoing
Received: from uxcn13-tdc-c.uoa.auckland.ac.nz ([10.6.3.4]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 08 Jul 2017 16:38:18 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-c.UoA.auckland.ac.nz (10.6.3.24) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Sat, 8 Jul 2017 16:38:18 +1200
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Sat, 8 Jul 2017 16:38:18 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Andreas Walz <andreas.walz@hs-offenburg.de>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Truncated HMAC: what to do with the MAC key?
Thread-Index: AQHS9yzumysdIWt+ckS1NsP2viyIy6JJWS1y
Date: Sat, 8 Jul 2017 04:38:18 +0000
Message-ID: <1499488687918.75643@cs.auckland.ac.nz>
References: <595F99DA020000AC00136830@gwia2.rz.hs-offenburg.de>, <595F99DA020000AC00136830@gwia2.rz.hs-offenburg.de>
In-Reply-To: <595F99DA020000AC00136830@gwia2.rz.hs-offenburg.de>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4IwlDk-Y4HJ5jaHCsVPfYQ6n9-A>
Subject: Re: [TLS] Truncated HMAC: what to do with the MAC key?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 04:38:27 -0000

Andreas Walz <andreas.walz@hs-offenburg.de>; writes:

>different TLS implementations do not seem to agree on how to implement
>truncated HMAC

It also says something about the status of this capability if three of the
four known implementations can't interoperate.  If it's taken fourteen years
(RFC 3546 was 2003) for someone to notice that the implementations don't
work/interoperate then maybe the capability should be marked as deprecated or
obsolete or unused or something.

Just out of interest Andreas, why were you checking this?  In other words how
did it get noticed?

Peter.