Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt

Bodo Moeller <bmoeller@acm.org> Wed, 25 September 2013 13:21 UTC

Return-Path: <SRS0=M8uh=TF=acm.org=bmoeller@srs.kundenserver.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A324C21F9FB6 for <tls@ietfa.amsl.com>; Wed, 25 Sep 2013 06:21:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.423
X-Spam-Level:
X-Spam-Status: No, score=-1.423 tagged_above=-999 required=5 tests=[AWL=0.203, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pB0vemPmklDH for <tls@ietfa.amsl.com>; Wed, 25 Sep 2013 06:21:34 -0700 (PDT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.10]) by ietfa.amsl.com (Postfix) with ESMTP id A919621F9CDF for <tls@ietf.org>; Wed, 25 Sep 2013 06:21:31 -0700 (PDT)
Received: from mail-oa0-f43.google.com (mail-oa0-f43.google.com [209.85.219.43]) by mrelayeu.kundenserver.de (node=mreu1) with ESMTP (Nemesis) id 0MdH7v-1V6sNA0EXD-00IF2C; Wed, 25 Sep 2013 15:21:27 +0200
Received: by mail-oa0-f43.google.com with SMTP id f4so1001220oah.2 for <tls@ietf.org>; Wed, 25 Sep 2013 06:21:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=yXmCiFzN5eynEr5k8F3iE4BHfJVR3yiqkoqYazuon5w=; b=XQgRQUs/GBtG2bvS3XrX11/1BYeYfjlJkfvOpyTN0erNHRnKbnVYIkheedlxxzxY8e xEpOpLl8tjO0x1rKUX0yBh0DqexlRCzk+exqI/yE4c0PfY8ZHzIv7H2Qo0hvCFBMxig9 s05TdWjkHI5pIyDGojOoQRWy46rH6GjNyZSSiVG+3lDkNnAODYDvrRGq/8Z9CPFuiHA9 jPlj12WfmBzzWl3BcY0dzzWonPQXP9zDPWiwxnvcg5YX2qglfmi5ZqfHdMuLBNykqsdx YKcryaktA8hFaQ9lkdUxYTgxT6i2wSEJjg2KDQzzZwgpqgU2fptuORwOfn1Dn7KIr1h+ cTTw==
MIME-Version: 1.0
X-Received: by 10.60.173.205 with SMTP id bm13mr16973449oec.25.1380115285827; Wed, 25 Sep 2013 06:21:25 -0700 (PDT)
Received: by 10.60.115.72 with HTTP; Wed, 25 Sep 2013 06:21:25 -0700 (PDT)
In-Reply-To: <CAMfhd9U2eBdeO4MuDBW9hcuxzu0sttkifySSHJp9=bm5n3NNEg@mail.gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C735567D321@uxcn10-6.UoA.auckland.ac.nz> <CADMpkcJtp-+P8CFn_K7uptXtorYom0ALdaUn6xB16JFZSHoBtg@mail.gmail.com> <CAMfhd9U2eBdeO4MuDBW9hcuxzu0sttkifySSHJp9=bm5n3NNEg@mail.gmail.com>
Date: Wed, 25 Sep 2013 15:21:25 +0200
Message-ID: <CADMpkcJ_fDj5mX3ksNpbKNHbXLAkD1RqZ-uZB7fuwqZHWhc17Q@mail.gmail.com>
From: Bodo Moeller <bmoeller@acm.org>
To: Adam Langley <agl@imperialviolet.org>
Content-Type: multipart/alternative; boundary=089e011607065c728f04e73521e3
X-Provags-ID: V02:K0:lwz/vhk3sUZr+NRMWozsxSkWq3l3rOGRzwqWCCUyrAP Vqy7b8ydmcGXuOl4MNDKLDhhw8UgZRxGtzS6jrwRIfz1yP8qYJ +vmPKY76SDL1UdDx666/XFgY8CNGYlfQRaisAokipEu+Nv6q21 G1at4inQ4ttV8U1T5G9yJ2tnuKQUNxhMdlhrt9MU1OXPI8bEXF 7BkNmfiYLuj0qsjhP0Y8hMcBwM90x8YVKEcDlZgisOb1I4OVbK VfVCu7KXZYGso5rAB2lwc9FpUy3bDO7VqZw6Hy2MhKgosWilOX r2Pu45HB66g+PXBIbpD3DCPT/ymFWqgoutRquenglV1oOx1TU/ nAOYg8jO4K4BI57Ntct9UXQqDBLah1U0neh4dvr2+ihMFsLbUY t1JX971FCj6XBN2h+gh8aO+EeT5Qi2jsZ1X1dMt/BmmjFxkDVW 83Wcy
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 13:21:40 -0000

> A possible problem with this approach is that there are both broken
> servers and broken networks and I don't have good information about
> the latter. (It's obviously much more difficult to detect.)
>
> Broken networks can stop the transit of TLS based on version and that
> has been observed, very rarely, in the wild. However, just because we
> haven't observed it much doesn't mean that it's not happening, it just
> means that we rarely get to observe it.


I know -- and the boundaries between "broken network" and "attacker" may
not always be clear: if the broken network effectively *is* an attacker
(even unintentionally so) and weakens the cryptography of the connection,
it may make a lot of sense to avoid that network entirely.