Re: [TLS] Comments on
Bill Frantz <frantz@pwpconsult.com> Tue, 18 February 2014 21:49 UTC
Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BBC11A03F0 for <tls@ietfa.amsl.com>; Tue, 18 Feb 2014 13:49:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.6
X-Spam-Level:
X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zI5OJXj9n57Z for <tls@ietfa.amsl.com>; Tue, 18 Feb 2014 13:49:43 -0800 (PST)
Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by ietfa.amsl.com (Postfix) with ESMTP id D50F21A02B9 for <tls@ietf.org>; Tue, 18 Feb 2014 13:49:42 -0800 (PST)
Received: from [174.234.1.147] (helo=Williams-MacBook-Pro.local) by elasmtp-spurfowl.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1WFsXp-0001iD-O1; Tue, 18 Feb 2014 16:49:38 -0500
Date: Tue, 18 Feb 2014 13:49:36 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: Niels Möller <nisse@lysator.liu.se>
X-Priority: 3
In-Reply-To: <nnlhx8inp2.fsf@bacon.lysator.liu.se>
Message-ID: <r422Ps-1075i-CC741CAE2962452A87F7B88E5F7DC563@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.3.1 (422)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec790745ea710b67ac215d0b58704dc93b67350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 174.234.1.147
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Z405R0uMOzKgER1qLsaN5anCHzU
Cc: Adam Langley <agl@imperialviolet.org>, tls@ietf.org
Subject: Re: [TLS] Comments on
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 21:49:44 -0000
On 2/18/14 at 4:56 AM, nisse@lysator.liu.se (Niels Möller) wrote: >Bill Frantz <frantz@pwpconsult.com> writes: > >>However, it is a situation that any application that is reading files >>needs to be prepared to handle. Disk errors and all that... > >I think there's a difference between on one hand, truncation due to >random failures of your own, reasonably trusted, hardware. And on the >other hand, truncation caused the enemy attacking the communication >channel for some evil purpose. From the point of view of an application, there isn't much difference. In both cases, it receives notification from the infrastructure that the read couldn't complete because an error occurred. System managers certainly want to know if they are under attack, but even just knowing that there was a MAC verification failure is not solidly definitive. There could have been an undetected failure in the transmission which only showed up because of the MAC failure -- since the MAC is a stronger check than the checks in TCP/IP. IF I were that manager, one failure -- be on high alert for attackers. Two failures -- try to located the attackers and deal with them. :-) >If we really want to make progress with this discussion, I guess we must >also distinguish between file types where appending data doesn't change >the meaning of earlier data (e.g, a typical log file), and file types >where appending data can change the meaning radically (e.g., consider a >document format where you can add data at the end of the file which adds >a mark "this document is fake" on top of every page when the file is >displayed or printed). I see no need to make such a distinction at our level. We will give the application an error that says we couldn't give it all the data. How it handles the error is not our problem. Handling this error like any other "couldn't read the rest of the file" error seems right in all cases. Cheers - Bill --------------------------------------------------------------------------- Bill Frantz | Re: Computer reliability, performance, and security: 408-356-8506 | The guy who *is* wearing a parachute is *not* the www.pwpconsult.com | first to reach the ground. - Terence Kelly
- Re: [TLS] Comments on Adam Langley
- Re: [TLS] Comments on Wan-Teh Chang
- [TLS] Comments on Niels Möller
- Re: [TLS] Comments on Niels Möller
- Re: [TLS] Comments on Dr Stephen Henson
- Re: [TLS] Comments on Adam Langley
- Re: [TLS] Comments on Niels Möller
- Re: [TLS] Comments on Adam Langley
- Re: [TLS] Comments on Niels Möller
- Re: [TLS] Comments on Adam Langley
- Re: [TLS] Comments on Nikos Mavrogiannopoulos
- Re: [TLS] Comments on Watson Ladd
- Re: [TLS] Comments on Adam Langley
- Re: [TLS] Comments on Adam Langley
- Re: [TLS] Comments on Watson Ladd
- Re: [TLS] Comments on Bill Frantz
- Re: [TLS] Comments on Watson Ladd
- Re: [TLS] Comments on Bill Frantz
- Re: [TLS] Comments on Alfredo Pironti
- Re: [TLS] Comments on Niels Möller
- [TLS] dealing with AEAD partial delivery [was: Re… Daniel Kahn Gillmor
- Re: [TLS] Comments on Bill Frantz
- Re: [TLS] Comments on draft-nir-cfrg-chacha20-pol… Niels Möller
- Re: [TLS] Comments on draft-nir-cfrg-chacha20-pol… Adam Langley
- Re: [TLS] Comments on draft-nir-cfrg-chacha20-pol… Niels Möller
- Re: [TLS] Comments on draft-nir-cfrg-chacha20-pol… Niels Möller
- Re: [TLS] Comments on draft-nir-cfrg-chacha20-pol… Adam Langley
- Re: [TLS] Comments on draft-nir-cfrg-chacha20-pol… Niels Möller