Re: [TLS] Truncated HMAC: what to do with the MAC key?

Dave Garrett <davemgarrett@gmail.com> Sat, 08 July 2017 05:15 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23B32128D64 for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 22:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VRqBx2sOhFnx for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 22:15:20 -0700 (PDT)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8FB7128768 for <tls@ietf.org>; Fri, 7 Jul 2017 22:15:20 -0700 (PDT)
Received: by mail-qt0-x22e.google.com with SMTP id b40so41578482qtb.2 for <tls@ietf.org>; Fri, 07 Jul 2017 22:15:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-transfer-encoding:message-id; bh=kPBoxUxgeCl8xQ0CKM/7ndPinU4CMGf+9L1q6do+PvY=; b=FZhEDVGcDMhHhlcsWmJNMCopZXefv9x16Ou/q7GCCkMFq5BiI2Z9II04WtkrCqw7bn 8fqrSMmf/3JyhijngycvTmTwy3eAcNZQfboZH4x3E8aFq7WktvDfxl0v58JHNe/jCnbf tQv2vS7Mienx713tp7tdYAAtJsQ3/ChFeUy2mevEcRNVdWiS9LhD412bWwrSaVBlrfhD /hAqZhLaXwOgCFWgxe4HadCKfknJM/osLuBpDE6iBatDXRWxosIN04tGH3ogPrgMdGGh IoM4bK2TLzXUb/Y0mHBC0lyz610b1LFKM6XXTADG8YfZTDy5lgjOslSWqiMRrEFAeq2A Esng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-transfer-encoding:message-id; bh=kPBoxUxgeCl8xQ0CKM/7ndPinU4CMGf+9L1q6do+PvY=; b=SXw0tfjY6Es5eje7JJp727ZcLnHpyd2CR/k9LUSoAsYyA5m9mHiyuRiaq4oi3jvlkt 1oSkDKEWZTatW5rLPDQouK7q+X2k80klrFmhUMiMuTa4TalyFSQPE/y3qF3Am7ifeMMj kf05QK1YqRsVojUosyQ+qXFkz9z34vvkVP83OMD2VQAa5xJ/BD+fMXQy5lOzLb7NdfSu wi11EaJQXrq9/CC0XGNjoYnhU3KMnWlClu6xxBmuLEPaCTgKUh2ANBzGkWVFUKc8bGfV UUGDfIoUhHntUDxCuMQHi8wodOHbZG0LVte0XUU9Qugy9xWjefLPxsXrC3q/pPCcYSko 7nrw==
X-Gm-Message-State: AKS2vOzrigNPeWcLnnbaz7wXwIJNdc69/7fujE9E+w1674oFdSes63Pw e7QPeUBSOErMCgro
X-Received: by 10.200.2.75 with SMTP id o11mr56008502qtg.26.1499490919765; Fri, 07 Jul 2017 22:15:19 -0700 (PDT)
Received: from dave-laptop.localnet (pool-71-175-70-41.phlapa.fios.verizon.net. [71.175.70.41]) by smtp.gmail.com with ESMTPSA id b13sm4212443qta.25.2017.07.07.22.15.18 (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 07 Jul 2017 22:15:19 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Sat, 8 Jul 2017 01:15:17 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <595F99DA020000AC00136830@gwia2.rz.hs-offenburg.de> <1499488687918.75643@cs.auckland.ac.nz>
In-Reply-To: <1499488687918.75643@cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201707080115.17663.davemgarrett@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6ZjVtAoJWto10qLBIbX974XnUwg>
Subject: Re: [TLS] Truncated HMAC: what to do with the MAC key?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 05:15:22 -0000

On Saturday, July 08, 2017 12:38:18 am Peter Gutmann wrote:
> Andreas Walz <andreas.walz@hs-offenburg.de>; writes:
> >different TLS implementations do not seem to agree on how to implement
> >truncated HMAC
> 
> It also says something about the status of this capability if three of the
> four known implementations can't interoperate.  If it's taken fourteen years
> (RFC 3546 was 2003) for someone to notice that the implementations don't
> work/interoperate then maybe the capability should be marked as deprecated or
> obsolete or unused or something.

In progress; the Truncated HMAC TLS extension is prohibited in implementations that support TLS 1.3+ as of the current draft.

https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-127


Dave