Re: [TLS] [Technical Errata Reported] RFC5288 (4694)

Judson Wilson <wilson.judson@gmail.com> Mon, 16 May 2016 03:24 UTC

From: Judson Wilson <wilson.judson@gmail.com>
To: Joseph Salowey <joe@salowey.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/c95baCdupj17sdFWB3IAfvhs6Do>
Cc: "sean+ietf@sn3rd.com" <sean+ietf@sn3rd.com>, "Kathleen.Moriarty.ietf@gmail.com" <Kathleen.Moriarty.ietf@gmail.com>, "mcgrew@cisco.com" <mcgrew@cisco.com>, "jsalowey@cisco.com" <jsalowey@cisco.com>, "tls@ietf.org" <tls@ietf.org>, "abhijitc@cisco.com" <abhijitc@cisco.com>, RFC Errata System <rfc-editor@rfc-editor.org>

The way I read the first draft, the wording made it sound like "nonce" was
a contraction of the words "(N)umber used (once)". I thought I learned
something. Then I looked it up, and unfortunately, that is not the case, as
cute as it would be.

That is the problem with the wording. Even if a nonce is a number that is
only used once, the word is not derived from omitting letters from the
phrase, so we shouldn't mislead people into believing that. Removing the
scare quotes is sufficient to prevent this misunderstanding.

On Sun, May 15, 2016 at 7:23 PM, Joseph Salowey <joe@salowey.net> wrote:

>
> On Sun, May 15, 2016 at 11:43 AM, Rick van Rein <rick@openfortress.nl>
> wrote:
>
>> Hi,
>>
>> > I think the erratum needs an erratum.  Firstly, "nonce" doesn't mean
>> > "number used once", and secondly nonce re-use in AES-GCM doesn't just
>> > result in "catastrophic failure of it's authenticity", it results in
>> > catastrophic failure of the entire mode, both confidentiality and
>> > integrity/authenticity.
>>
>> I'd like to add that I don't see a difference between a "failure" and a
>> "catastrophic failure".  It's probably better to stay away from subjective
>> words like that.
>>
> [Joe] It would be better to state what actually fails:
>
> "Nonce re-use in AES-GCM allows for the recovery of the authentication
> key resulting in complete failure of the mode's authenticity.  Hence, TLS
> sessions can be effectively attacked through forgery by an adversary.
> This enables an attacker to inject data into the TLS allowing for XSS and
> other attack vectors. "
>
>> -Rick
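The thread above turns on one property of RFC 5288: the 96-bit GCM nonce is a 4-byte implicit salt from the key block followed by an 8-byte nonce_explicit that is sent in the clear in every record, and each nonce_explicit must be distinct for a given key. The following Python is an added illustration, not code from the thread or from any TLS implementation: a deterministic nonce source that refuses to repeat a value under one key, and a passive check that flags a repeated nonce_explicit in captured records (the `key_id` labels and the sample records are constructed).

```python
import struct
from collections import defaultdict

SALT_LEN = 4       # implicit part, taken from the TLS key block (RFC 5288)
EXPLICIT_LEN = 8   # nonce_explicit, carried in the clear in each record
NONCE_LEN = SALT_LEN + EXPLICIT_LEN  # 96-bit GCM nonce


class GcmNonceSource:
    """RFC 5288 nonce construction: salt || nonce_explicit.

    nonce_explicit is a per-key counter (the record sequence number is the
    usual choice).  Uniqueness holds only while the counter never repeats
    under the same key, so wrap-around must force a re-key, never a reuse.
    """

    def __init__(self, salt: bytes) -> None:
        if len(salt) != SALT_LEN:
            raise ValueError("salt must be 4 bytes")
        self.salt = salt
        self.counter = 0

    def next_nonce(self) -> bytes:
        if self.counter >= 1 << 64:
            raise RuntimeError("nonce_explicit space exhausted; re-key required")
        explicit = struct.pack(">Q", self.counter)  # big-endian 64-bit counter
        self.counter += 1
        return self.salt + explicit


def find_nonce_reuse(records):
    """Return {(key_id, nonce_explicit): [record indexes]} for repeats.

    records: iterable of (key_id, nonce_explicit) pairs, where key_id is a
    constructed label for "same key" and nonce_explicit is the 8-byte field
    copied from the record.  No key material is needed for this check.
    """
    seen = defaultdict(list)
    for idx, (key_id, explicit) in enumerate(records):
        seen[(key_id, explicit)].append(idx)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample: two connections; "conn-B" repeats nonce_explicit 0.
SAMPLE_RECORDS = [
    ("conn-A", struct.pack(">Q", 0)),
    ("conn-A", struct.pack(">Q", 1)),
    ("conn-B", struct.pack(">Q", 0)),
    ("conn-B", struct.pack(">Q", 1)),
    ("conn-B", struct.pack(">Q", 0)),  # reuse: GCM's guarantees collapse here
]
```

Running `find_nonce_reuse(SAMPLE_RECORDS)` reports the repeated pair for `conn-B` at record indexes 2 and 4; a real monitor would key the check on the connection rather than a label.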