Re: [TLS] padding bug (was: Re: Requesting feedback on TACK draft)
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Tue, 24 September 2013 14:43 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64FA221F9A16 for <tls@ietfa.amsl.com>; Tue, 24 Sep 2013 07:43:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level:
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[AWL=-0.312, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q8y7uRworXoA for <tls@ietfa.amsl.com>; Tue, 24 Sep 2013 07:43:13 -0700 (PDT)
Received: from db9outboundpool.messaging.microsoft.com (mail-db9lp0249.outbound.messaging.microsoft.com [213.199.154.249]) by ietfa.amsl.com (Postfix) with ESMTP id 0336311E8139 for <tls@ietf.org>; Tue, 24 Sep 2013 07:43:07 -0700 (PDT)
Received: from mail41-db9-R.bigfish.com (10.174.16.251) by DB9EHSOBE018.bigfish.com (10.174.14.81) with Microsoft SMTP Server id 14.1.225.22; Tue, 24 Sep 2013 14:43:06 +0000
Received: from mail41-db9 (localhost [127.0.0.1]) by mail41-db9-R.bigfish.com (Postfix) with ESMTP id 4946AC001DC; Tue, 24 Sep 2013 14:43:06 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.249.149; KIP:(null); UIP:(null); IPV:NLI; H:AM2PRD0311HT001.eurprd03.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -7
X-BigFish: PS-7(zzbb2dI98dI1432I1447Izz1f42h208ch1ee6h1de0h1d18h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1de098h17326ah1de097h186068h5eeeK8275bh8275dhz2dh2a8h839h944he5bhf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1d0ch1d2eh1d3fh1dc1h1dfeh1dffh1fe8h1ff5h209eh1155h)
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(189002)(51704005)(199002)(243025003)(51914003)(479174003)(24454002)(66066001)(80022001)(81542001)(83506001)(79102001)(69226001)(63696002)(59766001)(81342001)(77982001)(54356001)(53806001)(65816001)(74706001)(56776001)(54316002)(76482001)(74366001)(76786001)(74482001)(74876001)(51856001)(76796001)(47446002)(74502001)(80976001)(81816001)(76176001)(81686001)(83072001)(74662001)(83322001)(36756003)(56816003)(4396001)(47976001)(47736001)(49866001)(50986001)(31966008)(46102001)(19580405001)(19580395003); DIR:OUT; SFP:; SCL:1; SRVR:AMXPR03MB280; H:AMXPR03MB277.eurprd03.prod.outlook.com; CLIP:134.219.227.30; FPR:; RD:InfoNoRecords; MX:1; A:1; LANG:en;
Received: from mail41-db9 (localhost.localdomain [127.0.0.1]) by mail41-db9 (MessageSwitch) id 1380033784201212_6641; Tue, 24 Sep 2013 14:43:04 +0000 (UTC)
Received: from DB9EHSMHS029.bigfish.com (unknown [10.174.16.250]) by mail41-db9.bigfish.com (Postfix) with ESMTP id 226BAC40046; Tue, 24 Sep 2013 14:43:04 +0000 (UTC)
Received: from AM2PRD0311HT001.eurprd03.prod.outlook.com (157.56.249.149) by DB9EHSMHS029.bigfish.com (10.174.14.39) with Microsoft SMTP Server (TLS) id 14.16.227.3; Tue, 24 Sep 2013 14:43:03 +0000
Received: from AMXPR03MB280.eurprd03.prod.outlook.com (10.242.69.154) by AM2PRD0311HT001.eurprd03.prod.outlook.com (10.255.162.36) with Microsoft SMTP Server (TLS) id 14.16.359.1; Tue, 24 Sep 2013 14:43:02 +0000
Received: from AMXPR03MB277.eurprd03.prod.outlook.com (10.242.69.140) by AMXPR03MB280.eurprd03.prod.outlook.com (10.242.69.154) with Microsoft SMTP Server (TLS) id 15.0.775.9; Tue, 24 Sep 2013 14:43:02 +0000
Received: from AMXPR03MB277.eurprd03.prod.outlook.com ([10.242.69.140]) by AMXPR03MB277.eurprd03.prod.outlook.com ([169.254.16.89]) with mapi id 15.00.0775.005; Tue, 24 Sep 2013 14:43:02 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Bodo Moeller <bmoeller@acm.org>
Thread-Topic: [TLS] padding bug (was: Re: Requesting feedback on TACK draft)
Thread-Index: AQHOrV7JqCYZI8YfRkeamC+FHpvRkpm9gp+AgBeHzICAACUTgA==
Date: Tue, 24 Sep 2013 14:43:01 +0000
Message-ID: <CE676331.B780%kenny.paterson@rhul.ac.uk>
In-Reply-To: <CADMpkc+fErXMzB_g8M-PiR+s-94p1=kN=Zi8+1Oftppqe8Zv8g@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.6.130613
x-originating-ip: [134.219.227.30]
x-forefront-prvs: 09796A1B83
Content-Type: text/plain; charset="us-ascii"
Content-ID: <B36615800DEF1F41813F3F801071ED7E@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Cc: Alfredo Pironti <alfredo@pironti.eu>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] padding bug (was: Re: Requesting feedback on TACK draft)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 14:43:18 -0000
On 24/09/2013 15:30, "Bodo Moeller" <bmoeller@acm.org> wrote: > > >1. There is some formal support for the "Pad-then-encrypt-then-MAC" >approach being used in the above Approach #1 in the following paper: > > >I think here you meant "Pad-then-MAC-then-encrypt". > > Yes, thanks for the correction. > >Kenneth G. Paterson and Gaven J. Watson > >Authenticated-Encryption with Padding: A Formal Security Treatment >Cryptography and Security: From Theory to Applications > >Lecture Notes in Computer Science Volume 6805, 2012, pp 83-107. > >http://link.springer.com/book/10.1007/978-3-642-28368-0 > > > >See in particular, Theorem 8 in the paper. > >Unfortunately, this paper is behind Springer's paywall. For those on the >list without access, you can access the same content in Chapter 5 (Theorem >5.6, page 96) of Gaven Watson's Ph.D. Thesis, available here: > >http://www.isg.rhul.ac.uk/~kp/theses/GWthesis.pdf > > > > > > > >
- [TLS] Requesting feedback on TACK draft Trevor Perrin
- Re: [TLS] Requesting feedback on TACK draft Peter Gutmann
- Re: [TLS] Requesting feedback on TACK draft Lewis, Nick
- [TLS] padding bug (was: Re: Requesting feedback o… Peter Saint-Andre
- Re: [TLS] padding bug Dr Stephen Henson
- Re: [TLS] padding bug Dr Stephen Henson
- Re: [TLS] padding bug Nikos Mavrogiannopoulos
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Eric Rescorla
- Re: [TLS] padding bug (was: Re: Requesting feedba… Alfredo Pironti
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Yaron Sheffer
- Re: [TLS] padding bug (was: Re: Requesting feedba… Paterson, Kenny
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Adam Langley
- Re: [TLS] padding bug Ben Laurie
- Re: [TLS] padding bug Dr Stephen Henson
- Re: [TLS] padding bug Nico Williams
- Re: [TLS] padding bug Nikos Mavrogiannopoulos
- Re: [TLS] padding bug Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] padding bug (was: Re: Requesting feedba… Bodo Moeller
- Re: [TLS] padding bug (was: Re: Requesting feedba… Paterson, Kenny
- Re: [TLS] padding bug Brian Smith
- Re: [TLS] padding bug Martin Rex
- [TLS] Encrypt-then-MAC again (was Re: padding bug) Michael D'Errico
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Michael D'Errico
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ben Laurie
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Bryan C. Geraghty
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- [TLS] Would this fix RC4 again? (was Re: Encrypt-… Michael D'Errico
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Watson Ladd
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Paterson, Kenny
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Nikos Mavrogiannopoulos
- Re: [TLS] Would this fix RC4 again? (was Re: Encr… Jacob Appelbaum
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Ralf Skyper Kaiser
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Alex Elsayed
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- [TLS] draft-mavrogiannopoulos-new-tls-padding-00 Martin Rex
- Re: [TLS] draft-mavrogiannopoulos-new-tls-padding… Nikos Mavrogiannopoulos