Re: [TLS] padding bug

Ben Laurie <benl@google.com> Sun, 08 September 2013 17:57 UTC

In-Reply-To: <522C7FD8.1000301@drh-consultancy.co.uk>
References: <AAE0766F5AF36B46BAB7E0EFB927320630E4A54175@GBTWK10E001.Technology.local> <522BE808.4090405@stpeter.im> <522C6892.4020206@drh-consultancy.co.uk> <522C7FD8.1000301@drh-consultancy.co.uk>
Date: Sun, 08 Sep 2013 18:57:35 +0100
Message-ID: <CABrd9SSbv1owOq9RK-OY2YqfUHavpebYCdKUVd6MGSff_MiiWg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Dr Stephen Henson <lists@drh-consultancy.co.uk>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] padding bug

On 8 September 2013 14:47, Dr Stephen Henson <lists@drh-consultancy.co.uk> wrote:

> On 08/09/2013 13:07, Dr Stephen Henson wrote:
> > On 08/09/2013 03:59, Peter Saint-Andre wrote:
> >> [old thread alert!]
> >>
> >>
> >>> 2.       An extension for Encrypt-then-MAC (i.e. this draft)
> >>
> >>> Was any consensus achieved as to the best approach?
> >>
> >
> > I can add a data point to this. I spent an afternoon implementing this (i.e.
> > the encrypt then mac draft) a while ago in OpenSSL. It was pretty easy to do
> > and interoped fine with the test servers.
> >
> > I'll make it available as an experimental feature in OpenSSL master branch.
> >
>
> Well I've added this and spotted a problem. The draft extension value (0x10)
> clashes with the draft value used in the ALPN specification.
>

Given that the ALPN draft apparently has an allocated number, can we get
one allocated to this I-D?