Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack

Bodo Moeller <bmoeller@acm.org> Sun, 03 June 2007 19:59 UTC

Date: Sun, 03 Jun 2007 21:59:02 +0200
From: Bodo Moeller <bmoeller@acm.org>
To: Ben Laurie <benl@google.com>
Subject: Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack
Message-ID: <20070603195902.GA14802@tau.invalid>
References: <20070603145222.40A7833C4B@delta.rtfm.com> <1b587cab0706031023n2085a090sa005aad0353515c4@mail.gmail.com>
In-Reply-To: <1b587cab0706031023n2085a090sa005aad0353515c4@mail.gmail.com>
Cc: tls@ietf.org

On Sun, Jun 03, 2007 at 10:23:09AM -0700, Ben Laurie wrote:
> On 6/3/07, Eric Rescorla <ekr@networkresonance.com> wrote:

>> http://www3.tools.ietf.org/wg/tls/trac/ticket/15
>>
>> NIST's comments suggest that the defense suggested in 6.2.3.2
>> should be mandatory. My argument is that hardware systems may
>> operate in fixed time or otherwise be safe and so we shouldn't
>> mandate any particular defense.

> Perhaps we should mandate it for implementations that are vulnerable?

That's exactly what the current I-D does: "MUST ensure that record
processing time is essentially the same whether or not the padding is
correct", and "[i]n general, the best way to do this is ...".
I don't see any reason to change the wording, so:

>> Proposed resolution: leave as-is.


Bodo
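
The defence the I-D text quoted above describes (compute the MAC whether or not the padding is correct, and only then reject) shown beside the early-return pattern it replaces. This is an added example, not code from this thread or from any TLS implementation; it assumes a TLS 1.1-style record layout (content || MAC || padding || padding_length, every padding byte equal to padding_length) on an already CBC-decrypted record, and uses HMAC-SHA1 over seq_num || content as a simplified stand-in for the real MAC input. The `mac_was_computed` flag each function returns stands in for the timing difference an attacker would measure.

```python
"""Padding/MAC processing for a TLS 1.1-style CBC record, two ways.

Added example, not from the thread or any TLS implementation. Assumes the
record has already been CBC-decrypted and has the RFC 4346 6.2.3.2 layout:
content || MAC || padding || padding_length, each padding byte equal to
padding_length. The MAC is HMAC-SHA1 over seq_num || content, a
simplification of the real MAC input.
"""
import hashlib
import hmac

MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for the *_SHA ciphersuites
BLOCK_SIZE = 16                       # AES block size


def _mac(mac_key: bytes, seq_num: int, content: bytes) -> bytes:
    return hmac.new(mac_key, seq_num.to_bytes(8, "big") + content, hashlib.sha1).digest()


def make_record(content: bytes, mac_key: bytes, seq_num: int) -> bytes:
    """Build the plaintext that CBC encryption would then be applied to."""
    body = content + _mac(mac_key, seq_num, content)
    pad_len = (BLOCK_SIZE - (len(body) + 1) % BLOCK_SIZE) % BLOCK_SIZE
    # pad_len padding bytes plus the padding_length byte, all equal to pad_len
    return body + bytes([pad_len]) * (pad_len + 1)


def _padding_valid(plaintext: bytes, pad_len: int) -> bool:
    """Check the claimed padding without stopping at the first bad byte."""
    if pad_len + MAC_LEN + 1 > len(plaintext):
        return False
    bad = 0
    for b in plaintext[-(pad_len + 1):]:
        bad |= b ^ pad_len
    return bad == 0


def verify_naive(plaintext: bytes, mac_key: bytes, seq_num: int):
    """Vulnerable pattern: reject bad padding before doing any MAC work.

    Returns (accepted, mac_was_computed). A bad-padding record is rejected
    without the MAC computation, so it is answered measurably faster than a
    bad-MAC record; that difference is what 6.2.3.2 warns about.
    """
    if len(plaintext) < MAC_LEN + 1:
        raise ValueError("record too short")  # length is public, no leak
    pad_len = plaintext[-1]
    # Early-exit comparison: stops at the first mismatching padding byte.
    if plaintext[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1) \
            or pad_len + MAC_LEN + 1 > len(plaintext):
        return False, False
    split = len(plaintext) - pad_len - 1 - MAC_LEN
    content, mac = plaintext[:split], plaintext[split:split + MAC_LEN]
    return hmac.compare_digest(_mac(mac_key, seq_num, content), mac), True


def verify_uniform(plaintext: bytes, mac_key: bytes, seq_num: int):
    """RFC 4346 6.2.3.2 defence: compute the MAC even when padding is bad.

    If the padding is invalid, assume a zero-length pad (as the RFC suggests),
    still run the MAC, and only then report a single bad_record_mac outcome.
    Returns (accepted, mac_was_computed); the second value is always True.
    """
    if len(plaintext) < MAC_LEN + 1:
        raise ValueError("record too short")
    pad_len = plaintext[-1]
    pad_ok = _padding_valid(plaintext, pad_len)
    if not pad_ok:
        pad_len = 0  # zero-length pad: only the padding_length byte follows the MAC
    split = len(plaintext) - pad_len - 1 - MAC_LEN
    content, mac = plaintext[:split], plaintext[split:split + MAC_LEN]
    mac_ok = hmac.compare_digest(_mac(mac_key, seq_num, content), mac)
    return (pad_ok and mac_ok), True


if __name__ == "__main__":
    key = b"\x0b" * 20                      # constructed test key
    rec = make_record(b"hello", key, 1)
    bad_pad = rec[:-1] + bytes([rec[-1] ^ 0x01])   # corrupt padding_length
    bad_mac = bytes([rec[0] ^ 0x01]) + rec[1:]     # corrupt content
    for name, r in (("good", rec), ("bad padding", bad_pad), ("bad mac", bad_mac)):
        print(name, "naive:", verify_naive(r, key, 1), "uniform:", verify_uniform(r, key, 1))
```

Both functions report a single rejection for a corrupted record; only the uniform version does the same MAC work on every rejection path, which is what "essentially the same" processing time requires. It still does an amount of hash work that depends on the assumed content length, a residual difference that AlFardan and Paterson's Lucky Thirteen attack (2013) later exploited, so the property is one to measure on the implementation rather than assume from the code structure.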


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls