Re: [TLS] Fresh results
Hanno Böck <hanno@hboeck.de> Tue, 01 December 2015 20:03 UTC
Date: Tue, 01 Dec 2015 21:02:57 +0100
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20151201210257.64f1a7a5@pc1>
In-Reply-To: <CACsn0cm41VD40tiwR-sO9piPu01rRkoWKPwHWCKcr5Z9id8kDg@mail.gmail.com>
References: <CACsn0cm41VD40tiwR-sO9piPu01rRkoWKPwHWCKcr5Z9id8kDg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/W1ARDEw-ChvjUKkiduGsH6HZxwM>
Subject: Re: [TLS] Fresh results
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Tue, 1 Dec 2015 14:28:49 -0500
Watson Ladd <watsonbladd@gmail.com> wrote:

> https://www.nds.rub.de/media/nds/veroeffentlichungen/2015/08/21/Tls13QuicAttacks.pdf
>
> This one looks very nasty to fix. Short of disallowing the use of RSA
> certificates for TLS 1.2 with the RSA handshake and in TLS 1.3, I
> don't see a good fix. I haven't read this paper in detail yet.
>
> Cross-protocol attacks are the gift that keeps giving.

Correct me if I'm wrong, but as I understand the result (and I had one
of the authors explaining it to me a few days ago) the problem appears
only if you have a TLS 1.2 implementation with an RSA key exchange that
is vulnerable to a Bleichenbacher attack. If it is not then you're fine.

So as long as you make sure you implement all the proper
countermeasures against that you should be fine. (Granted: This is
tricky, as has been shown by previous results, even the OpenSSL
implementation was lacking proper countermeasures not that long ago,
but it's not impossible)

Deprecating the RSA key exchange just became a bit harder with Google's
intent to deprecate DHE in Chrome and use RSA as the fallback if the
host doesn't do ECDHE.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42
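
The countermeasure the message above refers to, as an added example that is not part of the thread and not taken from any TLS library: the random-replacement handling of the decrypted ClientKeyExchange described in RFC 5246, section 7.4.7.1, written with branch-free selection so that a malformed block is handled like a well-formed one. The function name, the caller-supplied random buffer and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN 48 /* TLS 1.2 premaster secret: 2 version bytes + 46 random */

/* 0xFF if x == 0, else 0x00, computed without a data-dependent branch. */
static uint8_t ct_is_zero(uint32_t x) {
    return (uint8_t)(((x | (0u - x)) >> 31) - 1u);
}

/* em:  k-byte result of the raw RSA private-key operation (hypothetical API).
 * r46: 46 random bytes the caller drew BEFORE decrypting.
 * A premaster secret is written to out in every case and nothing is
 * reported about padding validity; a bad block yields version || r46. */
void tls12_rsa_premaster(const uint8_t *em, size_t k, const uint8_t r46[46],
                         uint8_t ver_major, uint8_t ver_minor,
                         uint8_t out[PMS_LEN]) {
    out[0] = ver_major; /* always ClientHello.client_version */
    out[1] = ver_minor;
    memcpy(out + 2, r46, 46);
    if (k < 2 + 8 + 1 + PMS_LEN) /* k is public, so this branch leaks nothing */
        return;
    /* Expected layout: 00 02 <nonzero padding> 00 <48-byte premaster> */
    size_t sep = k - PMS_LEN - 1;
    uint8_t good = ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02u);
    for (size_t i = 2; i < sep; i++)
        good &= (uint8_t)~ct_is_zero(em[i]); /* padding bytes must be nonzero */
    good &= ct_is_zero(em[sep]);             /* separator at the fixed offset */
    for (size_t i = 2; i < PMS_LEN; i++)     /* select M[2..47] or r46 by mask */
        out[i] = (uint8_t)((em[sep + 1 + i] & good) | (out[i] & (uint8_t)~good));
}

int main(void) {
    uint8_t em[64], r[46], out[PMS_LEN]; /* constructed sample, k = 64 */
    memset(em, 0xAA, sizeof em);
    memset(r, 0x55, sizeof r);
    em[0] = 0; em[1] = 2; em[15] = 0; em[16] = 3; em[17] = 3;
    tls12_rsa_premaster(em, sizeof em, r, 3, 3, out);
    printf("valid block:   out[2] = %02x\n", out[2]);
    em[1] = 1; /* corrupt the block type byte */
    tls12_rsa_premaster(em, sizeof em, r, 3, 3, out);
    printf("invalid block: out[2] = %02x\n", out[2]);
    return 0;
}
```

The handshake then continues with whatever `out` holds, so a forged ciphertext only fails later at the Finished check, the same way a wrong key would.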