Re: [TLS] TLS1.3

"Lewis, Nick" <nick.lewis@usa.g4s.com> Thu, 07 February 2013 09:30 UTC

From: "Lewis, Nick" <nick.lewis@usa.g4s.com>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 07 Feb 2013 09:30:02 +0000

>I already have the necessary draft 90% complete, you don't need a rev of TLS,
>just an extension "would you like to do encrypt-then-MAC" in the client hello,
>and a corresponding "yes, let's do encrypt-then-MAC" in the server hello.
>Works with any version of TLS.  I'll post it in the next day or two.
>Peter.

Is this really ok for all cipher suites?
In those cases where the hash is weak, e.g. MD5-HMAC, maybe the underlying key could be exposed?
Padding the plain text up to a multiple of the cipher block size (minus the hash size) ahead of doing the MAC is a more modest change that may be more widely applicable to existing cipher suites - with a "pad-then-MAC" client hello.

Nick
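
An added illustration, not part of the original message or of either participant's draft: the record layout before CBC encryption in the existing MAC-then-pad order and in the pad-then-MAC order as read from the reply above, with a receiver for each, showing which check an altered byte trips. HMAC-SHA256, the 16-byte block, the simplified MAC input and all function names are assumptions; encryption itself is omitted.

```python
import hashlib
import hmac

BLOCK = 16    # CBC block size in bytes (AES)
MAC_LEN = 32  # HMAC-SHA256 tag length; the hash choice is an assumption

def tls_pad(n):
    """n padding bytes, each holding n - 1, as in TLS CBC records."""
    return bytes([n - 1]) * n

def tag(key, data):
    # Simplified: a real TLS MAC also covers the sequence number and header.
    return hmac.new(key, data, hashlib.sha256).digest()

def seal_mac_then_pad(key, data):
    """Existing layout: data || MAC(data) || padding (padding not MACed)."""
    body = data + tag(key, data)
    return body + tls_pad(BLOCK - len(body) % BLOCK)

def seal_pad_then_mac(key, data):
    """Layout read from the message: data || padding || MAC(data || padding)."""
    padded = data + tls_pad(BLOCK - (len(data) + MAC_LEN) % BLOCK)
    return padded + tag(key, padded)

def open_mac_then_pad(key, rec):
    n = rec[-1] + 1
    if n > len(rec) - MAC_LEN or rec[-n:] != tls_pad(n):
        return "bad_padding", None   # decided before the MAC is examined
    data, t = rec[:-n - MAC_LEN], rec[-n - MAC_LEN:-n]
    ok = hmac.compare_digest(t, tag(key, data))
    return ("ok", data) if ok else ("bad_mac", None)

def open_pad_then_mac(key, rec):
    padded, t = rec[:-MAC_LEN], rec[-MAC_LEN:]
    if not hmac.compare_digest(t, tag(key, padded)):
        return "bad_mac", None       # every altered byte ends here
    return "ok", padded[:-(padded[-1] + 1)]

def failure_kinds(seal, open_, key, data):
    """Flip one bit in each byte of the record; collect the receiver's verdicts."""
    rec = seal(key, data)
    kinds = set()
    for i in range(len(rec)):
        bad = rec[:i] + bytes([rec[i] ^ 0x01]) + rec[i + 1:]
        kinds.add(open_(key, bad)[0])
    return kinds

if __name__ == "__main__":
    key, data = b"constructed-key", b"hello"   # constructed sample values
    print(failure_kinds(seal_mac_then_pad, open_mac_then_pad, key, data))
    print(failure_kinds(seal_pad_then_mac, open_pad_then_mac, key, data))
```

In the existing layout the receiver has two distinct rejection paths, one of which runs before any MAC check; in the pad-then-MAC layout the padding is covered by the MAC and there is only one.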



