Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 21 November 2016 04:31 UTC

To: "Salz, Rich" <rsalz@akamai.com>, Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <62B88142-2DBE-439F-AD4A-309053925794@sn3rd.com> <7462904085cc4a94914298af81157031@usma1ex-dag1mb1.msg.corp.akamai.com> <7de8f9da-8ab1-cfc2-00ad-9c91c7694174@gmail.com> <8394bafcd99344838d878b5e8cf5b524@usma1ex-dag1mb1.msg.corp.akamai.com>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <8262a7bf-6c19-0a23-9d0b-8f59344444aa@gmail.com>
Date: Mon, 21 Nov 2016 06:31:05 +0200

So the key schedule changed and therefore we think cross-version attacks 
are impossible. Have we also analyzed other protocols to ensure that 
cross-protocol attacks, e.g. with SSH or IPsec, are out of the question?

Put differently, algorithm designers gave us a cheap, easy-to-use tool 
to avoid a class of potential attacks. Why are we insisting on not using it?

Thanks,
    Yaron

On 20/11/16 17:33, Salz, Rich wrote:
>> For those who missed CURDLE, could you please briefly explain why we don't
>> need signature context in non-TLS areas.
>
> The one place we were concerned about attacks was in pre-hash signatures, and we made those a MUST NOT.  And yes, you're right, it's not relevant to TLS.
>
>> So why are we now saying that contexts are not needed even for TLS?
>
> I think because the key schedule changed.
>
> --
> Senior Architect, Akamai Technologies
> Member, OpenSSL Dev Team
> IM: richsalz@jabber.at Twitter: RichSalz
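An added example, not part of this thread, showing what the "cheap tool" buys: when two protocols share an Ed25519 key and sign raw payloads, a signature produced for one protocol verifies unchanged in the other; binding each signature to a per-protocol context string, here laid out the way TLS 1.3 does for CertificateVerify (RFC 8446, section 4.4.3: 64 bytes of 0x20, a context string, a zero byte, then the payload), makes that replay fail. The protocol names, seed and payload are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// domainSeparate builds the to-be-signed bytes with a protocol-specific
// context prefix (the TLS 1.3 CertificateVerify layout): 64 bytes of
// 0x20, the context string, a single 0x00 separator, then the payload.
func domainSeparate(context string, payload []byte) []byte {
	var b bytes.Buffer
	b.Write(bytes.Repeat([]byte{0x20}, 64))
	b.WriteString(context)
	b.WriteByte(0)
	b.Write(payload)
	return b.Bytes()
}

// signInContext binds a signature to one protocol context.
func signInContext(priv ed25519.PrivateKey, context string, payload []byte) []byte {
	return ed25519.Sign(priv, domainSeparate(context, payload))
}

// verifyInContext only accepts signatures made under the same context.
func verifyInContext(pub ed25519.PublicKey, context string, payload, sig []byte) bool {
	return ed25519.Verify(pub, domainSeparate(context, payload), sig)
}

// crossProtocolReplayVerifies reports whether a signature made by
// "protocol A" over payload is accepted by "protocol B" sharing the key.
// Raw signing (withContext=false) yields true; with contexts it is false.
func crossProtocolReplayVerifies(withContext bool) bool {
	// Fixed seed so the run is reproducible; constructed for this example only.
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	payload := []byte("constructed transcript hash shared by both protocols")
	const ctxA, ctxB = "example protocol A, server auth", "example protocol B, server auth"
	if !withContext {
		sig := ed25519.Sign(priv, payload)
		return ed25519.Verify(pub, payload, sig) // protocol B checks the raw bytes too
	}
	sig := signInContext(priv, ctxA, payload)
	return verifyInContext(pub, ctxB, payload, sig)
}

func main() {
	fmt.Println("raw signing, cross-protocol replay verifies:", crossProtocolReplayVerifies(false))
	fmt.Println("context-bound, cross-protocol replay verifies:", crossProtocolReplayVerifies(true))
}
```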