Re: [TLS] padding bug

Hovav Shacham <hovav@cs.ucsd.edu> Tue, 24 September 2013 16:31 UTC

Return-Path: <hovav@eng.ucsd.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92EC221F9F0A for <tls@ietfa.amsl.com>; Tue, 24 Sep 2013 09:31:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uEQBl1F2Lqoh for <tls@ietfa.amsl.com>; Tue, 24 Sep 2013 09:31:55 -0700 (PDT)
Received: from mail-qc0-f177.google.com (mail-qc0-f177.google.com [209.85.216.177]) by ietfa.amsl.com (Postfix) with ESMTP id 671FA21F9D96 for <tls@ietf.org>; Tue, 24 Sep 2013 09:31:53 -0700 (PDT)
Received: by mail-qc0-f177.google.com with SMTP id x12so3202151qcv.8 for <tls@ietf.org>; Tue, 24 Sep 2013 09:31:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to:content-type; bh=WVwbReWEcQ0LNO39kz1TGukm08uoAmlNDtd7F2Vketc=; b=biRtCOSpjxLhWzZ35qRVbK21eHFnAqGDhFk3+FcUV7yFZIWZNEHmCJdfWd2NjUh0Qr FcFZoc5BsaMyLcMV1dfFvgBpsn6ewAb9dyj69ACdbHh9U0aFwrN31XS1IUtegMBhVYs6 021hf8RFADs6mCIeHeoGaCLVlCYDwqWlvrABoAqlAcdwJus3ewoZtj1g3FxCF8z+5+Ad XIXE/zvwZLy3SbpH2EtpJiFUqKtPEDQ4qXWcG8qWBtZaY0J0HVVSEmcY0zYn/t8b4NXb Vj5geDxYX93xSsrXyZKdhoR1c/QpYUgLhcUmQey06pu5UNwTIW7QamyazDknlIHLcqwr Co9A==
X-Gm-Message-State: ALoCoQkg1iPMZtD5NUt0J+2pc6aGLJ2HYLfwEygwZW7YyLUJS1lo/CxxpI9f21TOEd4Okdm9CNFT
X-Received: by 10.49.39.39 with SMTP id m7mr27400914qek.60.1380040307733; Tue, 24 Sep 2013 09:31:47 -0700 (PDT)
MIME-Version: 1.0
Sender: hovav@eng.ucsd.edu
Received: by 10.49.117.135 with HTTP; Tue, 24 Sep 2013 09:31:26 -0700 (PDT)
From: Hovav Shacham <hovav@cs.ucsd.edu>
Date: Tue, 24 Sep 2013 09:31:26 -0700
X-Google-Sender-Auth: Z7Nvj8VyAhVU1mdiJdqXvpDA2hE
Message-ID: <CAGAMPd_R-esTbs5d4QMkvmF3sFSA+Q7Wx9WPJhhZxZjm1W31SA@mail.gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary=047d7bdc1564518d2604e723ac69
X-Mailman-Approved-At: Tue, 24 Sep 2013 09:35:01 -0700
Subject: Re: [TLS] padding bug
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 16:31:59 -0000

Peter Gutmann <pgut001 at cs.auckland.ac.nz> writes:

It seems to be accepted by everyone except the WG chairs


I'm not thrilled with making changes to a fundamental part of the TLS
design through an extension.  TLS is too complicated to analyze already;
this doesn't help.

I would prefer an approach that deprecates existing suites in favor of
non-CBC authenticated encryption modes.

-hs.