IETF Logo Mail Archive

Re: [TLS] rfc7366: is encrypt-then-mac implemented?

"Christian Kahlo" <christian.kahlo@ageto.net> Thu, 30 October 2014 12:25 UTC

Return-Path: <christian.kahlo@ageto.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 950601A0040 for <tls@ietfa.amsl.com>; Thu, 30 Oct 2014 05:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Level:
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DGuF0sjJfoX7 for <tls@ietfa.amsl.com>; Thu, 30 Oct 2014 05:25:14 -0700 (PDT)
Received: from mail-lb0-f180.google.com (mail-lb0-f180.google.com [209.85.217.180]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02AAF1A0029 for <tls@ietf.org>; Thu, 30 Oct 2014 05:25:13 -0700 (PDT)
Received: by mail-lb0-f180.google.com with SMTP id z12so4256083lbi.11 for <tls@ietf.org>; Thu, 30 Oct 2014 05:25:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:reply-to:from:to:cc:references :in-reply-to:subject:date:organization:mime-version:content-type :content-transfer-encoding:thread-index:content-language; bh=+tYDv8r1WocQYB6ad44vGhQu/wyz1E+xiR5MRQm3YAc=; b=GvH+YzB0FW2tUO+9pMyhZMdZoVGH1h/ech2LrV34yUn3IIEYlsdoSB/axwoUbIIusF FS20vCZTrWTuyAYNvqQCVFWE5qoSCAPU7i++xy9VmDpAYzpEKBPgF78eHqspk15ZGfed mhRpbX89huPhZc63c8J/cm1IyObzSwEFOhSxSmDjSDlsRVASPlfw/aAO9zWe7M/q8AHa OALN7yV54PFp1a7qFl1oENWNWo+z7QseNMBmQKdp6j6K4vATTbJMj0Ibv11UFNdEscbf T4lHfMvEJJfRlx/5vCqKauwZsOMlCXNldC4eEZG0RCj8wkxBLduzTCl5V576eNxtDjno DKJA==
X-Gm-Message-State: ALoCoQleq9cJbScToLgvjoJya1rPPq14d93R+ASXsb1Voz9zsMTiWmaTnvkPMYy6I9SYFn9Qq7U3
X-Received: by 10.152.228.140 with SMTP id si12mr18508416lac.66.1414671912157; Thu, 30 Oct 2014 05:25:12 -0700 (PDT)
Received: from THINK2 ([82.119.170.75]) by mx.google.com with ESMTPSA id m1sm3139721lbt.22.2014.10.30.05.25.10 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 30 Oct 2014 05:25:11 -0700 (PDT)
Message-ID: <54522e27.6143700a.22d4.ffffad31@mx.google.com>
X-Google-Original-Message-ID: <000001cff43c$8cb3c340$a61b49c0$@kahlo@ageto.net>
From: Christian Kahlo <christian.kahlo@ageto.net>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, tls@ietf.org, 'Manuel Pégourié-Gonnard' <mpg@polarssl.org>
References: <9A043F3CF02CD34C8E74AC1594475C739B9DB261@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C739B9DB261@uxcn10-5.UoA.auckland.ac.nz>
Date: Thu, 30 Oct 2014 13:25:09 +0100
Organization: AGETO Innovation GmbH
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac/zezXuWeYDktXrQwW4s6eeqLonSgAwMqig
Content-Language: de
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Bag07kcjgcqAiVDNf5eTP0qcG6s
Cc: npa@ageto.net
Subject: Re: [TLS] rfc7366: is encrypt-then-mac implemented?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: c.kahlo@ageto.net
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2014 12:25:22 -0000

Hi there,

I didn't change anything in the record structure or the handshake
behaviour. The only change is the new code point assignment for
the extension.

But as stated before I'll have a look in the final RFC and compare
it to the currently deployed implementation.

It would help to get handshake logs to see what happened on the
other end.

It is also possible to activate full debug mode and check for
interop issues.

Sorry, this didn't came to my attention until now. But it's
high prio now.

Best regards,
Christian

> -----Ursprüngliche Nachricht-----
> Von: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz]
> Gesendet: Mittwoch, 29. Oktober 2014 14:21
> An: <tls@ietf.org>; Manuel Pégourié-Gonnard; Christian Kahlo
> Betreff: Re: [TLS] rfc7366: is encrypt-then-mac implemented?
> 
> Manuel Pégourié-Gonnard <mpg@polarssl.org> writes:
> 
> >My implementation does not interoperate with the one at eid.wx4.net
> >either, when I enable EtM (fails with a bad_record_mac alert).
> 
> So what are people doing to get this?  Ages ago when the draft was
> first published a bunch of implementations interop'd with this, so I
> wonder what's changed?
> 
> Peter.

v2.23.0 | Report a Bug | By Email