Re: [TLS] Issue 49: Finished.verify length
Eric Rescorla <ekr@networkresonance.com> Fri, 14 September 2007 14:20 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWC2G-000660-9K; Fri, 14 Sep 2007 10:20:44 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWC2E-00065r-L2 for tls@ietf.org; Fri, 14 Sep 2007 10:20:42 -0400
Received: from [74.95.2.169] (helo=delta.rtfm.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IWC2E-0008OQ-8z for tls@ietf.org; Fri, 14 Sep 2007 10:20:42 -0400
Received: from delta.rtfm.com (localhost.rtfm.com [127.0.0.1]) by delta.rtfm.com (Postfix) with ESMTP id D7C2A33C21; Fri, 14 Sep 2007 07:17:04 -0700 (PDT)
Date: Fri, 14 Sep 2007 07:17:04 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Bodo Moeller <bmoeller@acm.org>
Subject: Re: [TLS] Issue 49: Finished.verify length
In-Reply-To: <20070914090853.GA20702@tau.invalid>
References: <20070913183453.D32DD33C21@delta.rtfm.com> <46E9D35F.60904@pobox.com> <20070914040741.3473733C3A@delta.rtfm.com> <20070914090853.GA20702@tau.invalid>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20070914141704.D7C2A33C21@delta.rtfm.com>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: cf4fa59384e76e63313391b70cd0dd25
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
At Fri, 14 Sep 2007 11:08:53 +0200, Bodo Moeller wrote: > > As I recall, the truncation was intended to *increase* security, > > because it leaked less information about the MS to an active > > attacker. > > I am not convinced that this is a good reason. Assume that the > adversary tricks the parties into using weak encryption with some > non-ephemeral key exchange, say. Then not only the verify_data will > be potentially visible to the adversary, but also the record-layer MAC > will be exposed, which can be a lot of additional data (both depending > on the master secret). Me neither, BTW. I just seem to recall that that was the reason :) -Ekr _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Russ Housley