[TLS] Comments/Questions on draft-gutmann-tls-encrypt-then-mac-00.txt
Eric Rescorla <ekr@rtfm.com> Fri, 20 September 2013 15:53 UTC

Peter,

After reviewing this document I have a few comments/questions:

- Because this draft relies on extensions, it seems not to resist active attack when clients do insecure version fallback (see for instance: http://www.ietf.org/mail-archive/web/tls/current/msg09468.html). The existing attacks appear to principally be active attacks on the browser environment, which is where fallback tends to happen.

- Maybe I am misreading the draft, but I'm unclear on how you get the TLSCompressed.length for the MAC computation in Section 3. Does this have the same issue as was raised for McGrew's CBC AEAD draft? Am I missing something here?

Thanks,
-Ekr