Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-11.txt

Bodo Moeller <bmoeller@acm.org> Fri, 27 May 2005 06:53 UTC

On Wed, May 18, 2005 at 03:51:12PM -0400, Internet-Drafts@ietf.org wrote:

> 	Title		: The TLS Protocol Version 1.1
> 	Author(s)	: T. Dierks, E. Rescorla
> 	Filename	: draft-ietf-tls-rfc2246-bis-11.txt
> 	Pages		: 90
> 	Date		: 2005-5-18

> http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-11.txt

This new ID does not yet correct the inconsistencies for some field
and type names pointed out in
<URL:http://www.imc.org/ietf-tls/mail-archive/msg04525.html>,
reproduced below.

But first, here's a new comment:

7.4.7.1. RSA encrypted premaster secret message

       [...]                                         In practice, since
       there are no significant known security differences between TLS
       and SSLv3, rollback to SSLv3 is not believed to be a serious
       security risk.

Discussing "security differences between TLS and SSLv3" is a little
odd because this sounds like comparing two protocol versions.  But in
fact this specification defines TLS 1.1, so there are three protocol
versions to take into account.  And there are security differences
both between SSL 3.0 and TLS 1.0 *and* between TLS 1.0 and TLS 1.1:
TLS 1.1 uses explicit IVs for CBC encryption to avoid deficiencies
present in both earlier versions; SSL 3.0 has additional weaknesses
due to its failure to completely specify block cipher padding
(as I pointed out in
http://www.imc.org/ietf-tls/mail-archive/msg03983.html).



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Section 7.4.3 defines

       struct {
           opaque rsa_modulus<1..2^16-1>;
           opaque rsa_exponent<1..2^16-1>;
       } ServerRSAParams;

       struct {
           opaque dh_p<1..2^16-1>;
           opaque dh_g<1..2^16-1>;
           opaque dh_Ys<1..2^16-1>;
       } ServerDHParams;     /* Ephemeral DH parameters */

but Appendix A.4.2 has capitalized versions of the names.

    struct {
        opaque RSA_modulus<1..2^16-1>;
        opaque RSA_exponent<1..2^16-1>;
    } ServerRSAParams;

    struct {
        opaque DH_p<1..2^16-1>;
        opaque DH_g<1..2^16-1>;
        opaque DH_Ys<1..2^16-1>;
    } ServerDHParams;

Generally, the principle appears to be that field names should be
[mostly] lower-case, with capital letters reserved for type names,
so it's A.4.2 that should be changed.


And in A.4.3, the type definition for ClientKeyExchange refers to a
"DiffieHellmanClientPublicValue" type.  But this should actually
be "ClientDiffieHellmanPublic".
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
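
Added example (not part of the original message or of the draft): a Python sketch of the padding point made in the comment on 7.4.7.1. It checks the same decrypted CBC plaintext under the SSL 3.0 rule, where only the final padding-length byte is defined, and under the TLS rule, where every padding byte must equal the padding length. The function names, the 16-byte block size and the sample plaintexts are constructed for illustration; the explicit-IV change is not shown.

```python
# Added illustration; names and sample data are constructed, not from the draft.
import hmac

BLOCK = 16  # block size assumed for this example


def strip_padding_ssl3(plaintext: bytes, block: int = BLOCK) -> bytes:
    """SSL 3.0: only the last byte (padding length) is defined, so the
    receiver can bound the length but cannot check the padding bytes."""
    if not plaintext or len(plaintext) % block:
        raise ValueError("not a whole number of blocks")
    pad_len = plaintext[-1]
    if pad_len >= block:  # SSL 3.0 padding is shorter than one block
        raise ValueError("bad padding length")
    return plaintext[: len(plaintext) - pad_len - 1]


def strip_padding_tls(plaintext: bytes, block: int = BLOCK) -> bytes:
    """TLS: every padding byte, including the length byte, must hold the
    padding length, so the receiver can verify the whole padding."""
    if not plaintext or len(plaintext) % block:
        raise ValueError("not a whole number of blocks")
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        raise ValueError("bad padding length")
    padding = plaintext[-(pad_len + 1):]
    # compare_digest compares all bytes without stopping at the first mismatch
    if not hmac.compare_digest(padding, bytes([pad_len]) * (pad_len + 1)):
        raise ValueError("bad padding bytes")
    return plaintext[: len(plaintext) - pad_len - 1]


def accepts(check, plaintext: bytes) -> bool:
    """True if the given padding check accepts the plaintext."""
    try:
        check(plaintext)
        return True
    except ValueError:
        return False


# Constructed sample: 20 bytes of record content padded to two blocks.
DATA = b"A" * 20
PAD_LEN = BLOCK - 1 - len(DATA) % BLOCK                       # 11
GOOD = DATA + bytes([PAD_LEN]) * (PAD_LEN + 1)                # TLS-style padding
ALTERED = DATA + bytes(range(PAD_LEN)) + bytes([PAD_LEN])     # padding bytes changed

if __name__ == "__main__":
    for name, pt in (("good", GOOD), ("altered", ALTERED)):
        print(name, "ssl3:", accepts(strip_padding_ssl3, pt),
              "tls:", accepts(strip_padding_tls, pt))
```

The altered plaintext passes the SSL 3.0 check and fails the TLS check, which is the gap left by the incomplete padding specification.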

