Re: [TLS] padding bug (was: Re: Requesting feedback on TACK draft)
Bodo Moeller <bmoeller@acm.org> Tue, 24 September 2013 14:30 UTC
From: Bodo Moeller <bmoeller@acm.org>
To: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
Cc: Alfredo Pironti <alfredo@pironti.eu>, "tls@ietf.org" <tls@ietf.org>
> > 1. There is some formal support for the "Pad-then-encrypt-then-MAC"
> > approach being used in the above Approach #1 in the following paper:
>
> I think here you meant "Pad-then-MAC-then-encrypt".
>
> > Kenneth G. Paterson and Gaven J. Watson
> > Authenticated-Encryption with Padding: A Formal Security Treatment
> > Cryptography and Security: From Theory to Applications
> > Lecture Notes in Computer Science Volume 6805, 2012, pp 83-107.
> > http://link.springer.com/book/10.1007/978-3-642-28368-0
> >
> > See in particular, Theorem 8 in the paper.
>
> Unfortunately, this paper is behind Springer's paywall. For those on the
> list without access, you can access the same content in Chapter 5 (Theorem
> 5.6, page 96) of Gaven Watson's Ph.D. Thesis, available here:
>
> http://www.isg.rhul.ac.uk/~kp/theses/GWthesis.pdf