Re: [TLS] TLS and KCI vulnerable handshakes

Watson Ladd <watsonbladd@gmail.com> Sun, 23 August 2015 01:40 UTC

In-Reply-To: <4f1c28360a0441219cbb21799ecb88be@ustx2ex-dag1mb2.msg.corp.akamai.com>
References: <55C8CD7A.7030309@rise-world.com> <9A043F3CF02CD34C8E74AC1594475C73F4AD80F3@uxcn10-5.UoA.auckland.ac.nz> <55CA821B.9090101@rise-world.com> <9A043F3CF02CD34C8E74AC1594475C73F4ADDD17@uxcn10-5.UoA.auckland.ac.nz> <20150817151814.GE24426@mournblade.imrryr.org> <9A043F3CF02CD34C8E74AC1594475C73F4ADDF25@uxcn10-5.UoA.auckland.ac.nz> <4f1c28360a0441219cbb21799ecb88be@ustx2ex-dag1mb2.msg.corp.akamai.com>
Date: Sat, 22 Aug 2015 18:40:01 -0700
Message-ID: <CACsn0cmF=P4Gf8QT1WczDxGTCn2k9zjzbuTDGTs0Q=dLqpxNyQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Rich Salz <rsalz@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/c7Mtu6OrafMzbWb33Shoz0hfZw4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS and KCI vulnerable handshakes

On Aug 17, 2015 9:08 AM, "Salz, Rich" <rsalz@akamai.com> wrote:
>
> > I was more interested in the motivation.  Same for Apple,
> > why would you implement something that pretty much no-one else (at the
> > time) supported, and for good reason?
>
> Perhaps because this was a year before Snowden and the mindset was
> unquestioning complete RFC implementation?

<rant>

We've known since at least 2001 that the TLS RFC contains misfeatures. Core
OpenSSL developers wrote documents detailing how TLS connections can be
attacked through the use of these features, documents still sitting on the
OpenSSL website, dated 2004.  These documents were not brought up on the
TLS mailing list, or at TLS meetings. It wasn't until 2011 that we started
to see fixes for these problems. Why wasn't the attitude always one of
maintaining security for users?

If Snowden told you the Internet was a scary place, you weren't paying
attention.

</rant>