Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt
"Paul Bakker" <p.j.bakker@offspark.com> Thu, 26 September 2013 06:58 UTC
Return-Path: <p.j.bakker@offspark.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F72A21F98AC for <tls@ietfa.amsl.com>; Wed, 25 Sep 2013 23:58:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.504
X-Spam-Level:
X-Spam-Status: No, score=-0.504 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Enkq06XJ0U3a for <tls@ietfa.amsl.com>; Wed, 25 Sep 2013 23:58:07 -0700 (PDT)
Received: from vps2.brainspark.nl (vps2.brainspark.nl [141.138.204.106]) by ietfa.amsl.com (Postfix) with ESMTP id 3E72321F9767 for <tls@ietf.org>; Wed, 25 Sep 2013 23:58:06 -0700 (PDT)
Received: from a82-161-132-220.adsl.xs4all.nl ([82.161.132.220] helo=Slimpy) by vps2.brainspark.nl with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <p.j.bakker@offspark.com>) id 1VP5Py-00040v-RF; Thu, 26 Sep 2013 08:51:24 +0200
From: Paul Bakker <p.j.bakker@offspark.com>
To: mrex@sap.com, 'Alfredo Pironti' <alfredo@pironti.eu>
References: <CALR0uiJPZQZ9-RJUmy-GZ-16E4Q3QB_DY=fk_8wEtWio63Fgtw@mail.gmail.com> <20130925210954.825521A9A7@ld9781.wdf.sap.corp>
In-Reply-To: <20130925210954.825521A9A7@ld9781.wdf.sap.corp>
Date: Thu, 26 Sep 2013 08:57:32 +0200
Message-ID: <00b601ceba85$af76ac90$0e6405b0$@offspark.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQIbqhsvkLjOsXMYuVkR6j4EVe9YzZk9tuyQ
Content-Language: nl
X-SA-Exim-Connect-IP: 82.161.132.220
X-SA-Exim-Mail-From: p.j.bakker@offspark.com
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on vps2.brainspark.nl)
Cc: tls@ietf.org
Subject: Re: [TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2013 06:58:11 -0000
> Alfredo Pironti wrote: > > Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > > > Eric Rescorla <ekr@rtfm.com> writes: > > > > > >> - Maybe I am misreading the draft, but I'm unclear on how you get > > >> the TLSCompressed.length for the MAC computation in Section 3. > > >> Does this have the same issue as was raised for McGrew's CBC AEAD > > >> draft? > > Eric is correct, the definition of the MAC in Peter's draft is obviously incorrect > (and likely does not match Peter's implementation): > > TLSv1.0: https://tools.ietf.org/html/rfc2246#section-6.2.3.1 > > The MAC is generated as: > > HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type + > TLSCompressed.version + TLSCompressed.length + > TLSCompressed.fragment)); > > When changing from mac-pad-encrypt to encrypt-mac, as suggested by > Peter's draft, the MAC no longer operates on the TLSComressed PDU, but on > the TLSCiphertext PDU -- which results in: > > HMAC_hash(MAC_write_secret, seq_num + TLSCiphertext.type + > TLSCiphertext.version + TLSCiphertext.length + > TLSCiphertext.fragment)); > > The computation of TLSCompressed.length on receive changes slightly, > because there no longer is a MAC trailing the data after decrypt. Please read my other reply on 'skipping' a layer somewhere in this thread.
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- [TLS] Comments/Questions on draft-gutmann-tls-enc… Eric Rescorla
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Christian Kahlo
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Dr Stephen Henson
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bill Frantz
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Nikos Mavrogiannopoulos
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Nikos Mavrogiannopoulos
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Christian Kahlo
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Nikos Mavrogiannopoulos
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Christian Kahlo
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Eric Rescorla
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Alfredo Pironti
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Ralph Holz
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Adam Langley
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Michael D'Errico
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Yaron Sheffer
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Michael D'Errico
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Yaron Sheffer
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Mohamad Badra
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Michael D'Errico
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Martin Rex
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Peter Gutmann
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Paul Bakker
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Paul Bakker
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Alfredo Pironti
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Paul Bakker
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Bodo Moeller
- Re: [TLS] Comments/Questions on draft-gutmann-tls… Yoav Nir