Re: [TLS] draft-ietf-tls-encrypt-then-mac

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Fri, 11 April 2014 18:36 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/eVO6njPoZa8HbdYK-OOxIMgZc2w

On 11/04/2014 19:30, "Yoav Nir" <ynir.ietf@gmail.com> wrote:

>
>On Apr 11, 2014, at 9:12 PM, Alyssa Rowan <akr@akr.io> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>> 
>> On 11/04/2014 19:04, Andrei Popov wrote:
>> 
>>> I believe UTA has added some text describing RC4 vulnerabilities to
>>> one of their BCP I-Ds. Which is a good thing, but I think the TLS
>>> WG should still consider fully deprecating RC4.
>>> 
>>> Since the previous RC4 deprecation draft expired, I re-submitted
>>> it: http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-02
>> 
>> I think the WG should adopt this draft. RC4 is critically weak, or
>> worse. +1
>> 
>
>
>-1 
>
>RC4 is also used in other protocols such as SSH (See RFC 4345), and the
>(in)security considerations apply there as well. So I think this document
>should proceed as AD-sponsored individual or a CFRG document, and not
>specifically a TLS document.

I tend to disagree. RC4 is *widely* used in TLS, and the specific attacks
referred to in Andrei's draft are for TLS. It's the TLS WG's
responsibility to clean up its own problems.

>It is strange that the IETF would publish a die-die-die document only
>three years after RFC 6229, but that's life, I guess.

That's irrelevant. The state of cryptanalytic knowledge changes, and IETF
has to respond to that.

Cheers,

Kenny