Re: [TLS] questions regarding draft-ietf-tls-rfc2246-bis-13.txt
Sami Lehtinen <sjl@ssh.com> Mon, 13 February 2006 08:03 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8YgD-0003qC-DG; Mon, 13 Feb 2006 03:03:29 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8YgB-0003q2-BB for tls@megatron.ietf.org; Mon, 13 Feb 2006 03:03:27 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23599 for <tls@ietf.org>; Mon, 13 Feb 2006 03:01:41 -0500 (EST)
Received: from fw.hel.fi.ssh.com ([195.20.116.97]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F8Ytg-0006ZT-Nm for tls@ietf.org; Mon, 13 Feb 2006 03:17:29 -0500
Received: from viikuna.hel.fi.ssh.com (viikuna.hel.fi.ssh.com [10.1.0.46]) by fw.hel.fi.ssh.com (SSH-1.16) with SMTP id k1D83KK6010331 for <tls@ietf.org>; Mon, 13 Feb 2006 10:03:20 +0200 (EET)
Received: (qmail 517 invoked from network); 13 Feb 2006 08:03:20 -0000
Received: from unknown (HELO ?127.0.0.1?) ([10.1.0.48]) (envelope-sender <sjl@ssh.com>) by viikuna.hel.fi.ssh.com (qmail-ldap-1.03) with SMTP for <tls@ietf.org>; 13 Feb 2006 08:03:20 -0000
Message-ID: <43F03D43.5060604@ssh.com>
Date: Mon, 13 Feb 2006 10:03:15 +0200
From: Sami Lehtinen <sjl@ssh.com>
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: [TLS] questions regarding draft-ietf-tls-rfc2246-bis-13.txt
References: <43C5FF00.5040704@ssh.com> <868xsogvgm.fsf@raman.networkresonance.com>
In-Reply-To: <868xsogvgm.fsf@raman.networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org
Eric Rescorla wrote: > Sami Lehtinen <sjl@ssh.com> writes: >>In section 6.2.3.2. CBC block cipher: >> >> The encrypted data length (TLSCiphertext.length) is one more than the >> sum of TLSCompressed.length, CipherSpec.hash_size, and >> padding_length. >> >>Should this be: >> >> The encrypted data length (TLSCiphertext.length) is one more than the >> sum of CipherSpec.block_length, TLSCompressed.length, >> ^^^^^^^^^^^^^^^^^^^^^^^^^ >> CipherSpec.hash_size, and padding_length. >> >>to accommondate for the explicit IV? > > > I've reviewed this and I believe this is incorrect. You can form the > explicit IV by encrypting a non-explicit IV, but it's not properly > part of the ciphertext. So, in your opinion the explicit IV length is _not_ added to the TLSCiphertext.length? Record layer implementation thus needs to take into account that we are running TLS1.1, have a block cipher (=> explicit IVs) and add CipherSpec.block_length (size of IV) to received record layer length when reading the record? From draft-ietf-tls-rfc2246-bis-13.txt: struct { ContentType type; ProtocolVersion version; uint16 length; select (CipherSpec.cipher_type) { case stream: GenericStreamCipher; case block: GenericBlockCipher; } fragment; } TLSCiphertext; [...] length The length (in bytes) of the following TLSCiphertext.fragment. The length may not exceed 2^14 + 2048. and fragment is: block-ciphered struct { opaque IV[CipherSpec.block_length]; opaque content[TLSCompressed.length]; opaque MAC[CipherSpec.hash_size]; uint8 padding[GenericBlockCipher.padding_length]; uint8 padding_length; } GenericBlockCipher; To me, `length' specification above reads as "length = sizeof(GenericBlockCipher)", which would include the size of the IV. -- sjl@ssh.com _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] questions regarding draft-ietf-tls-rfc2246-… Sami Lehtinen
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… jimmy
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… Eric Rescorla
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… jimmy
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… Eric Rescorla
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… Sami Lehtinen
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… Eric Rescorla
- Re: [TLS] questions regarding draft-ietf-tls-rfc2… Sami Lehtinen