Re: [TLS] Changes to draft-ietf-tls-dtls-heartbeat resulting from IESG review

Nikos Mavrogiannopoulos <nmav@gnutls.org> Mon, 05 December 2011 09:37 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEAD821F8AE1 for <tls@ietfa.amsl.com>; Mon, 5 Dec 2011 01:37:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DfdwVuF9GPv9 for <tls@ietfa.amsl.com>; Mon, 5 Dec 2011 01:37:28 -0800 (PST)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by ietfa.amsl.com (Postfix) with ESMTP id 1DABA21F8AF4 for <tls@ietf.org>; Mon, 5 Dec 2011 01:37:27 -0800 (PST)
Received: by faas1 with SMTP id s1so404847faa.31 for <tls@ietf.org>; Mon, 05 Dec 2011 01:37:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=L1JpkbkZ4vMhDApt8yOdXs9yodfkB5TNbEQdhSxPuLo=; b=ZI2bPOSddCB2tVIfPcLQkgexi8kzg4KoKTZD6Top2W9eL5afaH56y+EctvADbDM3RK AZXF5pHO7FucEyknDx6A52eBJFpfjplyYd1lG173AvulPling4JyyIFk0aUhJlUQx6j4 o1gmH6WNK2Sz3pKKhtSMiJSiZbovKyNYZFSXY=
MIME-Version: 1.0
Received: by 10.180.74.211 with SMTP id w19mr1510940wiv.7.1323077847068; Mon, 05 Dec 2011 01:37:27 -0800 (PST)
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.180.4.72 with HTTP; Mon, 5 Dec 2011 01:37:26 -0800 (PST)
In-Reply-To: <6D345690-D3F1-4A65-8314-D9A7E47D857E@cisco.com>
References: <6D345690-D3F1-4A65-8314-D9A7E47D857E@cisco.com>
Date: Mon, 5 Dec 2011 10:37:26 +0100
X-Google-Sender-Auth: K_hOP6BeetOmgRB5fhqLHfJgJpU
Message-ID: <CAJU7zaJLH2L6W6CjSvAZ0OL6=hqMscqdx_gwg0J0jwOP3Sr=VA@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Joe Salowey <jsalowey@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] Changes to draft-ietf-tls-dtls-heartbeat resulting from IESG review
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2011 09:37:29 -0000

On Mon, Dec 5, 2011 at 7:13 AM, Joe Salowey <jsalowey@cisco.com>; wrote:
> Some changes were made to the document as part of IESG review.  The revised document and diffs can be found here:
> http://www.ietf.org/internet-drafts/draft-ietf-tls-dtls-heartbeat-04.txt
> http://tools.ietf.org/rfcdiff?url2=draft-ietf-tls-dtls-heartbeat-04
> One of the requested changes was to randomize to the data in the heartbeat message to attempt to head of any issues occurring from weak or flawed ciphers.   Since the change was relatively simple, the document was modified even though modern ciphers should not have a problem.  Flaws may be discovered in one of the many cipher suites in the future.

Are there any papers or cipher documentation discussing how using
randomized data in a packet would solve possible future cipher flaws?

regards,
Nikos