Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-11.txt
Eric Rescorla <ekr@rtfm.com> Fri, 27 May 2005 17:47 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Dbiw3-0008VC-Av; Fri, 27 May 2005 13:47:51 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Dbiw1-0008Ta-Mo for tls@megatron.ietf.org; Fri, 27 May 2005 13:47:49 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA04610 for <tls@ietf.org>; Fri, 27 May 2005 13:47:48 -0400 (EDT)
Received: from romeo.rtfm.com ([198.144.203.242]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DbjEq-0001rd-Rm for tls@ietf.org; Fri, 27 May 2005 14:07:17 -0400
Received: by romeo.rtfm.com (Postfix, from userid 1001) id 74D551705C; Fri, 27 May 2005 10:58:02 -0700 (PDT)
To: Bodo Moeller <bmoeller@acm.org>
Subject: Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-11.txt
References: <200505181951.PAA01480@ietf.org> <20050527065249.GA17836@tau.local>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 27 May 2005 10:58:02 -0700
In-Reply-To: <20050527065249.GA17836@tau.local> (Bodo Moeller's message of "Fri, 27 May 2005 00:52:49 -0600")
Message-ID: <867jhkd00l.fsf@romeo.rtfm.com>
User-Agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Security Through Obscurity, berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bdc523f9a54890b8a30dd6fd53d5d024
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@rtfm.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org
Bodo Moeller <bmoeller@acm.org> writes: > On Wed, May 18, 2005 at 03:51:12PM -0400, Internet-Drafts@ietf.org wrote: > >> Title : The TLS Protocol Version 1.1 >> Author(s) : T. Dierks, E. Rescorla >> Filename : draft-ietf-tls-rfc2246-bis-11.txt >> Pages : 90 >> Date : 2005-5-18 > >> http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-11.txt > > This new ID does not yet correct the inconsistencies for some field > and type names pointed out in > <URL:http://www.imc.org/ietf-tls/mail-archive/msg04525.html>, > reproduced below. OK. I'll fix this. > But first, here's a new comment: > > 7.4.7.1. RSA encrypted premaster secret message > > [...] In practice, since > there are no significant known security differences between TLS > and SSLv3, rollback to SSLv3 is not believed to be a serious > security risk. > > Discussing "security differences between TLS and SSLv3" is a little > odd because this sounds like comparing two protocol versions. But in > fact this specification defines TLS 1.1, so there are three protocol > versions to take into account. And there are security differences > both between SSL 3.0 and TLS 1.0 *and* between TLS 1.0 and TLS 1.1: > TLS 1.1 uses explicit IVs for CBC encryption to avoid deficiencies > present in both earlier versions; SSL 3.0 has additional weaknesses > due to its failure to completely specify block cipher padding > (as I pointed out in > http://www.imc.org/ietf-tls/mail-archive/msg03983.html). Right. I'll rewrite this. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > Section 7.4.3 defines > > struct { > opaque rsa_modulus<1..2^16-1>; > opaque rsa_exponent<1..2^16-1>; > } ServerRSAParams; > > struct { > opaque dh_p<1..2^16-1>; > opaque dh_g<1..2^16-1>; > opaque dh_Ys<1..2^16-1>; > } ServerDHParams; /* Ephemeral DH parameters */ > > but Appendix A.4.2 has capitalized versions of the names. > > struct { > opaque RSA_modulus<1..2^16-1>; > opaque RSA_exponent<1..2^16-1>; > } ServerRSAParams; > > struct { > opaque DH_p<1..2^16-1>; > opaque DH_g<1..2^16-1>; > opaque DH_Ys<1..2^16-1>; > } ServerDHParams; > > Generally, the principle appears to be that field names should be > [mostly] lower-case, with capital letters reserved for type names, > so it's A.4.2 that should be changed. > > > And in A.4.3, the type definition for ClientKeyExchange refers to a > "DiffieHellmanClientPublicValue" type. But this should actually > be "ClientDiffieHellmanPublic". OK. -Ekr _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-11.txt Internet-Drafts
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… Yngve Nysaeter Pettersen
- [TLS] PKCS #1 block type Satoshi Akimoto
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… Bodo Moeller
- Re: [TLS] PKCS #1 block type Peter Gutmann
- Re: [TLS] PKCS #1 block type EKR
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… Eric Rescorla
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… Franke, Markus
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… EKR
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… Eric Rescorla
- Re: [TLS] I-D ACTION:draft-ietf-tls-rfc2246-bis-1… Yngve N. Pettersen (Developer Opera Software ASA)