IETF Logo Mail Archive

Re: [TLS] rfc7366: is encrypt-then-mac implemented?

"Christian Kahlo" <christian.kahlo@ageto.net> Thu, 30 October 2014 16:10 UTC

Return-Path: <christian.kahlo@ageto.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA7B61A005A for <tls@ietfa.amsl.com>; Thu, 30 Oct 2014 09:10:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NriaX9M9GTb2 for <tls@ietfa.amsl.com>; Thu, 30 Oct 2014 09:09:59 -0700 (PDT)
Received: from mail-lb0-f177.google.com (mail-lb0-f177.google.com [209.85.217.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E4131A0043 for <tls@ietf.org>; Thu, 30 Oct 2014 09:09:56 -0700 (PDT)
Received: by mail-lb0-f177.google.com with SMTP id 10so4601116lbg.36 for <tls@ietf.org>; Thu, 30 Oct 2014 09:09:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:reply-to:from:to:references :in-reply-to:subject:date:organization:mime-version:content-type :content-transfer-encoding:thread-index:content-language; bh=Ssn94pDhBfOLIWntJuGmEItv5GlIzVqxEeLGF21iSQw=; b=m+XxNYXfRv7+Zpojf3qA3ntSWosqqa5pG+TWNglk0TTMCTAyT+wae8hy0VBndM9pVX Lkbh4mnDbVCC2fafOs1+7XOQ3hShL415AEwTgLK9yGUCBMl5G+9qYsX2VmOW34Wmvdgw DCheqqMVMI5d1+aqi7gsM8a9hCqfFTQ2K3EsUec7x1oOhzG+c1GTiVla1xiJpUeErRaL /X+XDSkMelbI2iRmXaIizAtvD74+lMXHw/mKyaegkCackIVdZONHr3JyBL1CCBbIN8k5 GetWPD6Xgq2Aqh7G4EUHaHDPme/Dtr+W7fzoq3OUrDHs3u7kEvf7zP7HRDKl2fHszwci /Ifw==
X-Gm-Message-State: ALoCoQmtU5u3EZfj9kI5mBVbNvYihFSJwO2tvrzXbDvNIFaNE0TethjCYyTVyTgEQl94tnMDehNW
X-Received: by 10.152.7.175 with SMTP id k15mr19884437laa.58.1414685394476; Thu, 30 Oct 2014 09:09:54 -0700 (PDT)
Received: from THINK2 ([82.119.170.75]) by mx.google.com with ESMTPSA id h9sm3352855lae.44.2014.10.30.09.09.52 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 30 Oct 2014 09:09:53 -0700 (PDT)
Message-ID: <545262d1.c913980a.262d.ffffb8ac@mx.google.com>
X-Google-Original-Message-ID: <004a01cff45b$f0c30e30$d2492a90$@kahlo@ageto.net>
From: Christian Kahlo <christian.kahlo@ageto.net>
To: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>, tls@ietf.org
References: <9A043F3CF02CD34C8E74AC1594475C739B9DC04D@uxcn10-5.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C739B9DC04D@uxcn10-5.UoA.auckland.ac.nz>
Date: Thu, 30 Oct 2014 17:09:51 +0100
Organization: AGETO Innovation GmbH
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac/0QlyClWW7Q6CgQVidvuiE5f8+/wAFO75A
Content-Language: de
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/KUuApcPZoVBRTo_0Ch2Uq5i1ZNE
Subject: Re: [TLS] rfc7366: is encrypt-then-mac implemented?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: c.kahlo@ageto.net
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2014 16:10:02 -0000

> >But as stated before I'll have a look in the final RFC and compare it
> to the
> >currently deployed implementation.
> 
> See the more recent messages about this though, there are two possible
> interpretations, both equally valid, so don't go changing things just
> yet :-).

Done so. After reading some dozen eMails and bug reports at different
sites (Google, Mozilla) I think I'm now up to date what the whole
discussion is about.

I understood "TLSCipherText.length" in the MAC-function as the length
of the encrypted and padded data because the MAC is calculated exactly
over this - not anything else. This seemed quite logical to me. But I
now realize that fragment.length != length of the final data block on
the wire. It's more a question of wording - and how it is interpreted.

BTW: @all, after seeing all this: it is far, far easier to talk
to Peter or me directly in case of doubts about EtM than to open
tickets on systems all over the world we aren't aware of. ;-)

So, eid.vx4.net will keep its implementation for all those who
want to check and discuss RFC7366.

Best regards,
Christian

v2.23.0 | Report a Bug | By Email