Re: [TLS] Are the AEAD cipher suites a security trade-off win with TLS1.2?
mrex@sap.com (Martin Rex) Fri, 18 March 2016 17:08 UTC
To: Colm MacCárthaigh <colm@allcosts.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/SELZ0r0eFrIb6U6EJhOt-yRi9u0>
Cc: "tls@ietf.org" <tls@ietf.org>
Colm MacCárthaigh wrote:
>
> But I take the point that AEAD modes are harder for programmers to screw
> up; and that does have value.

Though it is a pretty flawed assumption.

I've seen an AEAD cipher implementation fail badly just recently
(resulting in corrupted plaintext that went unnoticed within TLS--MACing
the ciphertext is obviously a pretty dumb idea), something that
is *MUCH* more unlikely to happen to any cipher suites using
GenericBlockCipher PDU.

Pretty much all of the known crypto attacks are highly theoretical
and meaningless in practice, whereas corrupted plaintext is an
immediate real pain in the ass.

I'm glad that the problem was spotted before the affected code was shipped.

-Martin
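The failure mode described in the message above, as an added example that is not part of the original mail or of any TLS implementation: a sender whose cipher core has a one-bit fault, once with the MAC computed over the ciphertext and once with the MAC computed over the plaintext before encryption. Assumptions: the SHA-256 counter keystream is a toy stand-in for the real cipher, the record layout is simplified (no sequence number, header or CBC padding), and all keys and the plaintext are constructed.

```python
import hashlib
import hmac

def keystream(key, nonce, n, faulty=False):
    """Toy SHA-256 counter-mode keystream (illustration only, not a real cipher)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    if faulty:
        out[3] ^= 0x20  # constructed implementation fault: one wrong keystream bit
    return bytes(out[:n])

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

# MAC over ciphertext: the tag vouches for whatever bytes the cipher produced.
def seal_mac_over_ciphertext(ek, mk, nonce, pt, faulty=False):
    ct = xor(pt, keystream(ek, nonce, len(pt), faulty))
    return ct + mac(mk, nonce + ct)

def open_mac_over_ciphertext(ek, mk, nonce, record):
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, mac(mk, nonce + ct)):
        raise ValueError("bad record MAC")
    return xor(ct, keystream(ek, nonce, len(ct)))

# MAC over plaintext, then encrypt plaintext || MAC (GenericBlockCipher ordering).
def seal_mac_over_plaintext(ek, mk, nonce, pt, faulty=False):
    body = pt + mac(mk, nonce + pt)
    return xor(body, keystream(ek, nonce, len(body), faulty))

def open_mac_over_plaintext(ek, mk, nonce, record):
    body = xor(record, keystream(ek, nonce, len(record)))
    pt, tag = body[:-32], body[-32:]
    if not hmac.compare_digest(tag, mac(mk, nonce + pt)):
        raise ValueError("bad record MAC")
    return pt

def demo():
    ek, mk, nonce = b"E" * 16, b"M" * 32, b"\x00" * 8  # constructed keys and nonce
    pt = b"amount=100"                                  # constructed plaintext
    got = open_mac_over_ciphertext(
        ek, mk, nonce, seal_mac_over_ciphertext(ek, mk, nonce, pt, faulty=True))
    try:
        open_mac_over_plaintext(
            ek, mk, nonce, seal_mac_over_plaintext(ek, mk, nonce, pt, faulty=True))
        detected = False
    except ValueError:
        detected = True
    return got, detected
```

`demo()` returns the plaintext the receiver accepts in the first construction and whether the second construction rejected the record.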