Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
Andrei Popov <Andrei.Popov@microsoft.com> Fri, 15 December 2017 18:41 UTC
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Eric Rescorla <ekr@rtfm.com>
CC: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Io9IX3yWLLIJ28MKhNpXGZnlLWs>

It's true, the migration will be slow, but IMHO it still makes sense to define and implement an alternative hash.

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Ilari Liusvaara
Sent: Friday, December 15, 2017 10:34 AM
To: Eric Rescorla <ekr@rtfm.com>
Cc: tls@ietf.org
Subject: Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

On Fri, Dec 15, 2017 at 10:15:23AM -0800, Eric Rescorla wrote:
> On Fri, Dec 15, 2017 at 10:12 AM, Watson Ladd <watsonbladd@gmail.com> wrote:
>
> > We can force a rotate of all certs in 90 days, and I don't think
> > most people will notice.
> >
>
> Unfortunately, there are plenty of longterm certificates with lifetimes >>
> 90 days.

Yes, currently the lifetime limit for public certificates is 39 months, and will be reduced to 825 days (~27 months) effective March 2018.

Then there is backdating to consider. It was seen in both MD5 and SHA-1 deprecations.

So maximum certificate lifetime sets limit on how fast features can be flushed out.

And then there would be enormous amounts of endpoints not supporting anything better. Those would have to be upgraded.

All in all, a real mess.

-Ilari