Re: [TLS] TLS1.3

Nikos Mavrogiannopoulos <nmav@gnutls.org> Thu, 07 February 2013 09:47 UTC

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: "Lewis, Nick" <nick.lewis@usa.g4s.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Date: Thu, 07 Feb 2013 10:47:21 +0100
Subject: Re: [TLS] TLS1.3
Message-ID: <CAJU7zaJzLdf9Ty21uKQ8-GYOoHUFafVDFz7j49jzg5PpZThFcg@mail.gmail.com>
In-Reply-To: <AAE0766F5AF36B46BAB7E0EFB9273206194A67DCD0@GBTWK10E001.Technology.local>
References: <AAE0766F5AF36B46BAB7E0EFB9273206194A67DCD0@GBTWK10E001.Technology.local>

On Thu, Feb 7, 2013 at 9:43 AM, Lewis, Nick <nick.lewis@usa.g4s.com> wrote:
> With confidence in TLS being undermined once again as a result of
> problems with its MAC-Pad-Encrypt mechanism, are there any plans to adopt an
> alternative mechanism such as Pad-MAC-Encrypt in TLS1.3?

Indeed, that would be useful. The current padding mechanism required
1-2 pages of code to solve the known issues, and that may not even be
sufficient; we may have yet another attack next year.

For that, in gnutls we have already implemented an extension to
include the pad into the MAC'd data and avoid any padding oracle
attacks. The extension defines a new padding mechanism for all
ciphersuites (with the purpose of length hiding - Alfredo may add more
information on that), that has the side effect of fixing the known TLS
padding issues.

The extension is described at:
http://tools.ietf.org/html/draft-pironti-tls-length-hiding-00

regards,
Nikos
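The difference the two messages above are discussing, as an added example that is not GnuTLS code and does not reproduce the exact record format of draft-pironti-tls-length-hiding-00: a toy TLS 1.0-1.2 style MAC-then-pad-then-encrypt CBC record next to a pad-inside-MAC layout (assumed here to be data || pad || MAC(data || pad)). The block cipher is a stand-in permutation so the block runs on the standard library alone; keys and messages are constructed. The `error_profile` check is the one a defender wants: flip bits in the ciphertext and see whether the receiver's behaviour depends on the padding.

```python
"""Added example (not GnuTLS code, not the draft's exact layout): compare a
MAC-then-pad-then-encrypt CBC record with a pad-inside-MAC record and show
why only the first one lets padding validity and MAC validity be told apart."""
import hashlib
import hmac
import secrets

BLOCK = 16
TAG_LEN = 32  # HMAC-SHA256 tag


def _toy_block(key, block, decrypt=False):
    # Stand-in 16-byte permutation (XOR with a key-derived constant, then a
    # one-byte rotation). Not a cipher; it only gives CBC its structure.
    k = hashlib.sha256(b"toy-block" + key).digest()[:BLOCK]
    if decrypt:
        block = block[-1:] + block[:-1]
    out = bytes(a ^ b for a, b in zip(block, k))
    return out if decrypt else out[1:] + out[:1]


def cbc_encrypt(key, iv, pt):
    prev, out = iv, bytearray()
    for i in range(0, len(pt), BLOCK):
        prev = _toy_block(key, bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev)))
        out += prev
    return bytes(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, bytearray()
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(_toy_block(key, blk, True), prev))
        prev = blk
    return bytes(out)


def _tls_pad(length):
    # TLS-style padding: n bytes of value n followed by the length byte n.
    n = (BLOCK - (length + 1) % BLOCK) % BLOCK
    return bytes([n]) * (n + 1)


def _pad_len(pt):
    # Total padding length (n + 1) if the padding is well formed, else -1.
    n = pt[-1] if pt else -1
    if n < 0 or n + 1 > len(pt) or any(b != n for b in pt[-(n + 1):]):
        return -1
    return n + 1


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


# --- MAC-then-pad-then-encrypt (TLS 1.0-1.2 CBC records) -------------------
def mpe_seal(enc_key, mac_key, data):
    iv = secrets.token_bytes(BLOCK)
    body = data + _mac(mac_key, data)
    body += _tls_pad(len(body))
    return iv + cbc_encrypt(enc_key, iv, body)


def mpe_open(enc_key, mac_key, record):
    """Naive receiver: the padding must be parsed before the tag can even be
    located, so the two checks surface as two different errors."""
    iv, ct = record[:BLOCK], record[BLOCK:]
    if not ct or len(ct) % BLOCK:
        return None, "decode_error"
    pt = cbc_decrypt(enc_key, iv, ct)
    pad_len = _pad_len(pt)
    if pad_len < 0 or len(pt) - pad_len < TAG_LEN:
        return None, "bad_padding"        # failure mode 1
    data, tag = pt[:-pad_len - TAG_LEN], pt[-pad_len - TAG_LEN:-pad_len]
    if not hmac.compare_digest(tag, _mac(mac_key, data)):
        return None, "bad_record_mac"     # failure mode 2
    return data, None


# --- pad-inside-MAC: data || pad || MAC(data || pad) (assumed layout) -------
def pme_seal(enc_key, mac_key, data):
    iv = secrets.token_bytes(BLOCK)
    padded = data + _tls_pad(len(data) + TAG_LEN)
    return iv + cbc_encrypt(enc_key, iv, padded + _mac(mac_key, padded))


def pme_open(enc_key, mac_key, record):
    """Receiver: the tag sits at a fixed offset, so it is verified before the
    padding is interpreted and every failure collapses into one alert."""
    iv, ct = record[:BLOCK], record[BLOCK:]
    if len(ct) < BLOCK + TAG_LEN or len(ct) % BLOCK:
        return None, "bad_record_mac"
    pt = cbc_decrypt(enc_key, iv, ct)
    padded, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, padded)):
        return None, "bad_record_mac"
    pad_len = _pad_len(padded)   # authenticated: cannot fail for a genuine record
    if pad_len < 0:
        return None, "bad_record_mac"
    return padded[:-pad_len], None


def error_profile(seal, open_, enc_key, mac_key, data):
    """Flip one bit at each byte of the IV (alters plaintext block 0) and of the
    penultimate ciphertext block (alters the last plaintext block, where the
    padding lives) and collect the distinct errors the receiver reports.
    A one-element set means the receiver reveals nothing about the padding."""
    rec = seal(enc_key, mac_key, data)
    positions = list(range(BLOCK)) + list(range(len(rec) - 2 * BLOCK, len(rec) - BLOCK))
    errors = set()
    for pos in positions:
        bad = bytearray(rec)
        bad[pos] ^= 0x01
        errors.add(open_(enc_key, mac_key, bytes(bad))[1])
    return errors


if __name__ == "__main__":
    ek, mk = b"enc-key-constructed", b"mac-key-constructed"   # constructed keys
    msg = b"16-byte message."                                 # exactly one block
    print("MAC-pad-encrypt errors:", error_profile(mpe_seal, mpe_open, ek, mk, msg))
    print("pad-MAC-encrypt errors:", error_profile(pme_seal, pme_open, ek, mk, msg))
```

With a one-block message the MAC-pad-encrypt receiver reports `bad_padding` for flips that land in the padding block and `bad_record_mac` for flips that land in the data, which is exactly the distinguishable behaviour that the 1-2 pages of constant-time code in real implementations exist to hide. The pad-inside-MAC receiver reports `bad_record_mac` in every case, because the tag is checked before any byte of the padding is interpreted.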