IETF Logo Mail Archive

[TLS] AD review of draft-ietf-tls-encrypt-then-mac

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 04 June 2014 12:09 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B97B71A01C6 for <tls@ietfa.amsl.com>; Wed, 4 Jun 2014 05:09:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tGzFvDJnfx2f for <tls@ietfa.amsl.com>; Wed, 4 Jun 2014 05:09:50 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 54BA81A016D for <tls@ietf.org>; Wed, 4 Jun 2014 05:09:50 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 24E71BF36; Wed, 4 Jun 2014 13:09:44 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cMLn6PO_EgWV; Wed, 4 Jun 2014 13:09:43 +0100 (IST)
Received: from [10.43.50.173] (unknown [193.190.253.145]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D8679BF31; Wed, 4 Jun 2014 13:09:42 +0100 (IST)
Message-ID: <538F0C88.7030107@cs.tcd.ie>
Date: Wed, 04 Jun 2014 13:09:44 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Sean Turner <TurnerS@ieca.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <F4D41247-9B3F-43A2-9E19-E1A547A6930B@ieca.com>
In-Reply-To: <F4D41247-9B3F-43A2-9E19-E1A547A6930B@ieca.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/9gFn_WQt-NbNST4ZMmLuTTcQKeI
Subject: [TLS] AD review of draft-ietf-tls-encrypt-then-mac
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jun 2014 12:09:51 -0000

Hiya,

I got to this today in the end. I have one question only and
a couple of nits. Not sure if the answer to the question will
mean a change or not...

On 04/06/14 01:49, Sean Turner wrote:
> draft-ietf-tls-encrypt-then-mac has completed WGLC, the latest
> version addresses all outstanding issues.  I’ve entered a Shepherd
> write-up, and am passing the buck to our AD.  Stay tuned for an AD
> review.

section 3: "Once the use of encrypt-then-MAC has been
negotiated..." do you need to be more explicit about this?
The client clearly has to start by sending the extension, but
MUST the server also include the response extension as well,
or can a server just start using e-t-m if a client has sent
it the extension?  (You do say that if the server is using a
stream cipher or AEAD then the server MUST NOT send the
response extension.) This might be determined in 5246
already, but even so might be worth repeating here.

nits

- why the ' quotes in the abstract?

- intro: better to say "RFC 5246 [2] and..." rather than "[2]
and..."

Cheers,
S.

v2.23.0 | Report a Bug | By Email