Re: [TLS] draft-turner-ssl-must-not
Martin Rex <mrex@sap.com> Tue, 06 July 2010 14:25 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9E6443A67F9 for <tls@core3.amsl.com>; Tue, 6 Jul 2010 07:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.951
X-Spam-Level:
X-Spam-Status: No, score=-9.951 tagged_above=-999 required=5 tests=[AWL=0.298, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sh05wDDBZGaI for <tls@core3.amsl.com>; Tue, 6 Jul 2010 07:25:12 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 7C7F73A6946 for <tls@ietf.org>; Tue, 6 Jul 2010 07:25:12 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id o66EP3cF005929 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 6 Jul 2010 16:25:08 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201007061425.o66EP2Rc021252@fs4113.wdf.sap.corp>
To: marsh@xs01.extendedsubset.com
Date: Tue, 06 Jul 2010 16:25:02 +0200
In-Reply-To: <20100706064708.GA31209@xs01.extendedsubset.com> from "Marsh Ray" at Jul 6, 10 06:47:08 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] draft-turner-ssl-must-not
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 14:25:13 -0000
Marsh Ray wrote: > > On Tue, Jul 06, 2010 at 04:17:14AM +0200, Martin Rex wrote: > > > > The base result is that the strength of concatenation of two > > hash functions improves the result not as much as one might hope. > > > > It always does improve the result, however. > > Putting it another way, if you spend 36 bytes (288 bits) on space > for your hash and it turns out to have only about 2^75 collision > resistance, I'm not sure many people would call that an improvement. It is an improvement because it is harder to find a collision for both hashes than finding it for only one of them. And it used the commonly available cryptographic hashes at that time (sha-2 was not available back then). I see it as an improvement, even if it is a small one. > > > Which means that SSLv3 is stronger than TLSv1.0 and TLSv1.1 > > in that respect. > > > > Personally, I dislike the extreme truncation of the Finished > > messages in TLS to 12 octets. My expectation is that this limits > > the overall strength, and that it spoils the use of SHA-2 in TLSv1.2. > > +1. > > There's no logic to it, or whatever there might be is too clever by half. There appears to be a lack of logic by not adjusting the truncation size when going from a SHA-1 (=160 bits) based PRF to a SHA-256 (=256 bits) based PRF. In case a 96 bit truncation is deemed adequate for SHA-1, then a truncation like 144 or 160 bits appears more appropriate for SHA-2. -Martin
- [TLS] draft-turner-ssl-must-not Nikos Mavrogiannopoulos
- Re: [TLS] draft-turner-ssl-must-not Sean Turner
- Re: [TLS] draft-turner-ssl-must-not Nikos Mavrogiannopoulos
- Re: [TLS] draft-turner-ssl-must-not Juho Vähä-Herttua
- Re: [TLS] draft-turner-ssl-must-not Ivan Ristic
- Re: [TLS] draft-turner-ssl-must-not Martin Rex
- Re: [TLS] draft-turner-ssl-must-not Sean Turner
- Re: [TLS] draft-turner-ssl-must-not Yngve Nysaeter Pettersen
- Re: [TLS] draft-turner-ssl-must-not Martin Rex
- Re: [TLS] draft-turner-ssl-must-not Peter Gutmann
- Re: [TLS] draft-turner-ssl-must-not Peter Gutmann
- Re: [TLS] draft-turner-ssl-must-not Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] draft-turner-ssl-must-not Nikos Mavrogiannopoulos
- Re: [TLS] draft-turner-ssl-must-not Juho Vähä-Herttua
- Re: [TLS] draft-turner-ssl-must-not Nikos Mavrogiannopoulos
- Re: [TLS] draft-turner-ssl-must-not Yngve Nysaeter Pettersen
- Re: [TLS] draft-turner-ssl-must-not Yngve Nysaeter Pettersen
- Re: [TLS] draft-turner-ssl-must-not Yngve Nysaeter Pettersen
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Juho Vähä-Herttua
- Re: [TLS] draft-turner-ssl-must-not Nasko Oskov
- Re: [TLS] draft-turner-ssl-must-not Peter Gutmann
- Re: [TLS] draft-turner-ssl-must-not Nelson B Bolyard
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Ben Laurie
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Bodo Moeller
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Bodo Moeller
- Re: [TLS] draft-turner-ssl-must-not Martin Rex
- Re: [TLS] draft-turner-ssl-must-not Martin Rex
- Re: [TLS] draft-turner-ssl-must-not Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] draft-turner-ssl-must-not Martin Rex
- Re: [TLS] draft-turner-ssl-must-not Peter Gutmann
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Peter Gutmann
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Peter Gutmann
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Yoav Nir
- Re: [TLS] draft-turner-ssl-must-not Martin Rex
- Re: [TLS] draft-turner-ssl-must-not Nikos Mavrogiannopoulos
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] draft-turner-ssl-must-not Marsh Ray
- Re: [TLS] draft-turner-ssl-must-not Simon Josefsson
- [TLS] Finished verify_data collision (Was Re: dra… Marsh Ray
- Re: [TLS] Finished verify_data collision (Was Re:… Nikos Mavrogiannopoulos
- Re: [TLS] Finished verify_data collision (Was Re:… Marsh Ray