Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

John Mattsson <john.mattsson@ericsson.com> Wed, 23 November 2016 10:22 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>, Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
Date: Wed, 23 Nov 2016 10:22:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/DnaK1bZlkGGXz-a-OlaQcSkvGDQ>

On 2016-11-21, 06:31, "TLS on behalf of Yaron Sheffer"
<tls-bounces@ietf.org on behalf of yaronf.ietf@gmail.com> wrote:

>So the key schedule changed and therefore we think cross-version attacks
>are impossible. Have we also analyzed other protocols to ensure that
>cross protocol attacks, e.g. with SSH or IPsec, are out of the question?
>
>Put differently, algorithm designers gave us a cheap, easy to use tool
>to avoid a class of potential attacks. Why are we insisting on not using
>it?

Unless someone points out any major disadvantages with using a context, I
agree with Yaron.


>
>Thanks,
>	Yaron
>
>On 20/11/16 17:33, Salz, Rich wrote:
>>> For those who missed CURDLE, could you please briefly explain why we
>>> don't need signature context in non-TLS areas.
>>
>> The one place we were concerned about attacks was in pre-hash
>> signatures, and we made those a MUST NOT.  And yes, you're right, it's
>> not relevant to TLS.
>>
>>> So why are we now saying that contexts are not needed even for TLS?
>>
>> I think because the key schedule changed.
>>
>> --
>> Senior Architect, Akamai Technologies
>> Member, OpenSSL Dev Team
>> IM: richsalz@jabber.at Twitter: RichSalz
>>
>>
>