Re: [TLS] History of TLS analysis (was Re: TLS 1.2 Long-term Support Profile draft posted)
Nikos Mavrogiannopoulos <nmav@redhat.com> Mon, 21 March 2016 09:24 UTC
Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA73312D664 for <tls@ietfa.amsl.com>; Mon, 21 Mar 2016 02:24:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.923
X-Spam-Level:
X-Spam-Status: No, score=-6.923 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKudS9WiERBG for <tls@ietfa.amsl.com>; Mon, 21 Mar 2016 02:24:38 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0B7012D5C2 for <tls@ietf.org>; Mon, 21 Mar 2016 02:24:38 -0700 (PDT)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (Postfix) with ESMTPS id 09027711CA; Mon, 21 Mar 2016 09:24:38 +0000 (UTC)
Received: from dhcp-10-40-1-102.brq.redhat.com ([10.40.3.171]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u2L9OZKJ015809 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 21 Mar 2016 05:24:37 -0400
Message-ID: <1458552275.3008.25.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 21 Mar 2016 10:24:35 +0100
In-Reply-To: <CACsn0c=0-36NCXWODYMnnEvGCSS_=zkxDp4HcbpKMV+kYWR9Fg@mail.gmail.com>
References: <CACsn0c=r7m94xOg0T=sxXn0JMfDq0us2iuEWi29uFEgE+r4SLw@mail.gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4C2682D@uxcn10-tdc05.UoA.auckland.ac.nz> <CACsn0c=0-36NCXWODYMnnEvGCSS_=zkxDp4HcbpKMV+kYWR9Fg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Mon, 21 Mar 2016 09:24:38 +0000 (UTC)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LoTJ39bRKNQMFFlC_02xonv-IXA>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] History of TLS analysis (was Re: TLS 1.2 Long-term Support Profile draft posted)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 09:24:41 -0000
On Sat, 2016-03-19 at 07:51 -0700, Watson Ladd wrote: > On Fri, Mar 18, 2016 at 4:31 PM, Peter Gutmann > <pgut001@cs.auckland.ac.nz> wrote: > > > > Watson Ladd <watsonbladd@gmail.com> writes: > > > > > > > > Then use a padding extension that solves all problems, instead of > > > relying on > > > a side effect of CBC mode. > > It's not a "side-effect of CBC mode", CBC mode allows padding > > packets, GCM > > doesn't, see Colm MacCárthaigh's recent post on the topic. > GnuTLS is the only implementation that pads to more than 16 byte > boundaries This is no longer true. We disabled that feature few years ago since it was the main cause for several compatibility failures. The failures were with other broken implementations, but no-one cares who is at fault if the session doesn't work. regards, Nikos
- [TLS] History of TLS analysis (was Re: TLS 1.2 Lo… Watson Ladd
- Re: [TLS] History of TLS analysis (was Re: TLS 1.… Peter Gutmann
- Re: [TLS] History of TLS analysis (was Re: TLS 1.… Yuhong Bao
- Re: [TLS] History of TLS analysis (was Re: TLS 1.… Watson Ladd
- Re: [TLS] History of TLS analysis (was Re: TLS 1.… Nikos Mavrogiannopoulos
- Re: [TLS] History of TLS analysis (was Re: TLS 1.… Bodo Moeller