Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 15 December 2017 18:41 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A97F1270A7 for <tls@ietfa.amsl.com>; Fri, 15 Dec 2017 10:41:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GJWrmaPFjV39 for <tls@ietfa.amsl.com>; Fri, 15 Dec 2017 10:41:09 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0119.outbound.protection.outlook.com [104.47.42.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A385312706D for <tls@ietf.org>; Fri, 15 Dec 2017 10:41:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+3We7bAVOYFAb6jPrJN13Oi9WDpSc+3IsWzZyXVCm14=; b=l9nJdYHNkiJD6rRMgFdBjMdtQ3Q7qSY2uFOfy6vELNCF2rpb2+ieckFyIQ4DvUXQNbFQokdEpUb9DnZ1h4pjHJ8t7d8cZw+2wW+Yrek1x+CKqCClV3khGzFf1d432ZgZ3z8AVbPJAoiwhNc6H7vzXnr8fgYfVO5TftBfSR/m1do=
Received: from MWHPR21MB0189.namprd21.prod.outlook.com (10.173.52.135) by MWHPR21MB0173.namprd21.prod.outlook.com (10.173.52.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.345.1; Fri, 15 Dec 2017 18:41:06 +0000
Received: from MWHPR21MB0189.namprd21.prod.outlook.com ([10.173.52.135]) by MWHPR21MB0189.namprd21.prod.outlook.com ([10.173.52.135]) with mapi id 15.20.0345.002; Fri, 15 Dec 2017 18:41:06 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
Thread-Index: AQHTdSqavAlrna8BzEyYxpCWE2aK26NDc+uAgAAd44CAAARHAIAAATeAgADhAoCAAAcvAIAAL3IAgAAF0ACAAAGYgIAAAKyAgAAFUACAAADZAA==
Date: Fri, 15 Dec 2017 18:41:06 +0000
Message-ID: <MWHPR21MB01893A20A8D0812E880926568C0B0@MWHPR21MB0189.namprd21.prod.outlook.com>
References: <CACsn0cmMbbT1iAfmxnXHe00dNiqBMyoNkk7e2CyTKWrcdRTtcQ@mail.gmail.com> <CAAF6GDf+GxToBAN83O3NtLO4zJ-8Qax8KjMCGhXv_EhY+NDsKg@mail.gmail.com> <20171215020116.04f9ae15@pc1> <CAAF6GDe79w9XH1GrGvvR-+=uEKfi6GczacUX3Jhy0dL_zW67-Q@mail.gmail.com> <20171215143057.GA17121@LK-Perkele-VII> <MWHPR21MB01897F29048C1B2AB66EA7488C0B0@MWHPR21MB0189.namprd21.prod.outlook.com> <20171215174628.GA17601@LK-Perkele-VII> <CABcZeBOsL0a0xHvVWEus_EY3mUNioaV9fsz89Gt+HeqdHpoyDw@mail.gmail.com> <CACsn0ckYPpp5nD2jj4Zmx=ZJvqWzHW0tmmXo-9JeKL45+pRUqw@mail.gmail.com> <CABcZeBPPozOsTxxJO63RmHwTr56Wucx6OYW=kvvhosRUHR1ctA@mail.gmail.com> <20171215183424.GA17780@LK-Perkele-VII>
In-Reply-To: <20171215183424.GA17780@LK-Perkele-VII>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:5::4ca]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR21MB0173; 6:GkeTewFVCVD20H/lKr5BNlS0wL44wBSVj8IpFd0bDNqk0p8QhVH9uyxWvs7EQshwXggQ14cpGXbN1yKTw8XQmXH/98r0+ihgIiFUNazCFJ8itaA1SyVLnH89Nq5+sGBqniayNAGg29tPhz791B9ZOdDw5UqvlDrmpntX3zo1rmaheMWmbAUeeN6nOglRDeu904MPKWqbgzb2cZL2rvNxnTkUvfFdga7wOnvLQruxQ5d+nGbw3VABqnkPo00Fp9K3CNyP0WslFuyszH2KmfADVkMXY305S75riPEbBaarNhE9k6G4ZUFzcNqDKg06DzlzXpYhHIN/jxTVcnq/VK5gEba+2qjTJAc8AUmV1bU+qzM=; 5:fCTiugRNOOo2Xfx8Rb2mhGoDpQ4L2hRS7r1rVDM4CvVKs51XZ/4v9two7s+pkyRf3LhhJt/USjXbCB8QwjLjkscXhkIEWgoqXqLJzM392vBUvG16+Mwu52FiZ/6f+Kwo31LRXk0qkLbyOlnERKhPJf+uwU0TiOx97udhmDG26fM=; 24:ZiORk10VQO0podkzG2G/o5thl4IAAhXSrNKTB+8QbUUVlf7ATScljUs95fcopV5gCo4bXMO9WABaszzu3CiCXMvKYHn/dKdFxk89e3W9AQA=; 7:DdIAnSumAenFhGisx0odkD2tSYMAymKPLG+qlpAERvDMp5EOhrbIh7ZPQ+8hFgz91MGuTAABPSgxDnI+l5kbvXetOSv9ynAaRStld9eN52Xs/6ItKyo1wfrrAON3YCZzzENJrRgHm4BNP2prVh+zXqeNc8F9MRBPBTM4t8kQ2cyl0UTP/ZhhHxxuZHKhrAovdNDsoVCU/SSFrgKkwyjTMdxRTIyID+j0VMJqgn5/q2tIv8e9EjUIiX0aO2gw5CM+
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 67706bf5-548e-4738-6038-08d543eb6723
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603307); SRVR:MWHPR21MB0173;
x-ms-traffictypediagnostic: MWHPR21MB0173:
x-microsoft-antispam-prvs: <MWHPR21MB0173B4BFD989EDC22DA248A28C0B0@MWHPR21MB0173.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078)(219752817060721)(266576461109395);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040450)(2401047)(8121501046)(5005006)(3002001)(10201501046)(3231023)(93006095)(93001095)(6055026)(61426038)(61427038)(6041248)(20161123558100)(20161123564025)(201703131423075)(201703011903075)(201702281528075)(201703061421075)(20161123562025)(20161123555025)(20161123560025)(6072148)(201708071742011); SRVR:MWHPR21MB0173; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:MWHPR21MB0173;
x-forefront-prvs: 05220145DE
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7966004)(396003)(366004)(39860400002)(346002)(376002)(189003)(199004)(24454002)(13464003)(68736007)(74316002)(6116002)(7736002)(305945005)(81166006)(2950100002)(6506007)(22452003)(59450400001)(8990500004)(316002)(102836003)(25786009)(53546011)(4326008)(53936002)(966005)(2900100001)(6246003)(86362001)(72206003)(86612001)(9686003)(110136005)(5660300001)(97736004)(508600001)(81156014)(8676002)(10290500003)(8936002)(105586002)(7696005)(99286004)(3660700001)(77096006)(3280700002)(6306002)(55016002)(76176011)(14454004)(93886005)(6436002)(229853002)(33656002)(2906002)(10090500001)(106356001)(29543002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR21MB0173; H:MWHPR21MB0189.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 67706bf5-548e-4738-6038-08d543eb6723
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Dec 2017 18:41:06.7509 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR21MB0173
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Io9IX3yWLLIJ28MKhNpXGZnlLWs>
Subject: Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Dec 2017 18:41:11 -0000

It's true, the migration will be slow, but IMHO it still makes sense to define and implement an alternative hash.

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Ilari Liusvaara
Sent: Friday, December 15, 2017 10:34 AM
To: Eric Rescorla <ekr@rtfm.com>;
Cc: tls@ietf.org
Subject: Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

On Fri, Dec 15, 2017 at 10:15:23AM -0800, Eric Rescorla wrote:
> On Fri, Dec 15, 2017 at 10:12 AM, Watson Ladd <watsonbladd@gmail.com>; wrote:
> 
> > We can force a rotate of all certs in 90 days, and I don't think 
> > most people will notice.
> >
> 
> Unfortunately, there are plenty of longterm certificates with 
> lifetimes >>
> 90 days.

Yes, currently the lifetime limit for public certificates is 39 months, and will be reduced to 825 days (~27 months) effective March 2018.


Then there is backdating to consider. It was seen in both MD5 and SHA-1 deprecations. So maximum certificate lifetime sets limit on how fast features can be flushed out.

And then there would be enormous amounts of endpoints not supporting anything better. Those would have to be upgraded.

All in all, a real mess.


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&data=04%7C01%7CAndrei.Popov%40microsoft.com%7C248257e4202549b54e9208d543ea7ff7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636489596817634560%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1&sdata=viW%2F6xW3bJoG6SlxgENwp%2BFH8%2Bqnb%2BFynkE4Yxfq%2Bjc%3D&reserved=0