Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 15 December 2017 19:55 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E12124F57 for <tls@ietfa.amsl.com>; Fri, 15 Dec 2017 11:55:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qwnFYW7v6LYu for <tls@ietfa.amsl.com>; Fri, 15 Dec 2017 11:55:35 -0800 (PST)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2CC5124D6C for <tls@ietf.org>; Fri, 15 Dec 2017 11:55:34 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id 352C197AEB; Fri, 15 Dec 2017 21:55:33 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id Fe3Zm5ktIFKE; Fri, 15 Dec 2017 21:55:33 +0200 (EET)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id DFE4A231B; Fri, 15 Dec 2017 21:55:29 +0200 (EET)
Date: Fri, 15 Dec 2017 21:55:29 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Andrei Popov <Andrei.Popov@microsoft.com>, "tls@ietf.org" <tls@ietf.org>
Message-ID: <20171215195529.GA20237@LK-Perkele-VII>
References: <20171215174628.GA17601@LK-Perkele-VII> <CABcZeBOsL0a0xHvVWEus_EY3mUNioaV9fsz89Gt+HeqdHpoyDw@mail.gmail.com> <CACsn0ckYPpp5nD2jj4Zmx=ZJvqWzHW0tmmXo-9JeKL45+pRUqw@mail.gmail.com> <CABcZeBPPozOsTxxJO63RmHwTr56Wucx6OYW=kvvhosRUHR1ctA@mail.gmail.com> <20171215183424.GA17780@LK-Perkele-VII> <MWHPR21MB01893A20A8D0812E880926568C0B0@MWHPR21MB0189.namprd21.prod.outlook.com> <20171215184951.GB17780@LK-Perkele-VII> <DM5PR14MB1289FA656DB8D87DCA0B355F830B0@DM5PR14MB1289.namprd14.prod.outlook.com> <MWHPR21MB0189419E69BD53F735C55FFC8C0B0@MWHPR21MB0189.namprd21.prod.outlook.com> <DM5PR14MB1289D532FD2C60EFA1B02F7A830B0@DM5PR14MB1289.namprd14.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <DM5PR14MB1289D532FD2C60EFA1B02F7A830B0@DM5PR14MB1289.namprd14.prod.outlook.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZbGg9SJ74l1fRqXwnjVLlcqkjls>
Subject: Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Dec 2017 19:55:37 -0000
On Fri, Dec 15, 2017 at 07:33:44PM +0000, Tim Hollebeek wrote: > > However, servers are easier to upgrade than clients, which is why you see > some of the server side support you mention. I know CloudFlare in > particular helped a lot of people cope with communicating with clients who > had different certificate capabilities. It isn't a bad thing that both > approaches exist. Also, it should be noted that the past two migrations needed to be compatible with TLS 1.0 and 1.1, which have much less advanced signature negotiation than TLS 1.2 (and 1.3). However, there are enormous amount of very badly configured servers out there, so it is doubtful how quickly things change. -Ilari
- [TLS] A closer look at ROBOT, BB Attacks, timing … Colm MacCárthaigh
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Watson Ladd
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Colm MacCárthaigh
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Hanno Böck
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Colm MacCárthaigh
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Yoav Nir
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Nikos Mavrogiannopoulos
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Andrei Popov
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Kathleen Moriarty
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Hanno Böck
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Andrei Popov
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Eric Rescorla
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Watson Ladd
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Eric Rescorla
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Eric Rescorla
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Andrei Popov
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Tim Hollebeek
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Andrei Popov
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Tim Hollebeek
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Martin Rex
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Martin Rex
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Peter Gutmann
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Ilari Liusvaara
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Hubert Kario
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Hubert Kario
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Colm MacCárthaigh
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Hubert Kario
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Colm MacCárthaigh
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Hubert Kario
- Re: [TLS] A closer look at ROBOT, BB Attacks, tim… Colm MacCárthaigh