Re: [TLS] Rizzo claims implementation attach, should be interesting
Phillip Hallam-Baker <hallam@gmail.com> Tue, 20 September 2011 20:01 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADDE421F8B01 for <tls@ietfa.amsl.com>; Tue, 20 Sep 2011 13:01:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.466
X-Spam-Level:
X-Spam-Status: No, score=-3.466 tagged_above=-999 required=5 tests=[AWL=0.132, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KbWT1xviN2eo for <tls@ietfa.amsl.com>; Tue, 20 Sep 2011 13:01:57 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 082BD21F8AFA for <tls@ietf.org>; Tue, 20 Sep 2011 13:01:56 -0700 (PDT)
Received: by gyd12 with SMTP id 12so790507gyd.31 for <tls@ietf.org>; Tue, 20 Sep 2011 13:04:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RspFcP6Jcs4M6tfGBmvt6H51eDugRoJSU6AiIvhDtSw=; b=ip/OxuE2vVFz+pGaE7jkHvlsU4ciGstQ5Veoxohu83yu+pGAKi1Xk3Q9XBBsUtPQ47 5FRfjtQuqxnRIdeY37prI4hdTNvt2iW5qQsEZgc2VVIGpqZRfbUHC6gDeh0L6YOUWH9+ eB+yjL1dtl0Xfc4lSkigQH6drFX/oc9WmfZm0=
MIME-Version: 1.0
Received: by 10.101.218.6 with SMTP id v6mr1174083anq.140.1316549063562; Tue, 20 Sep 2011 13:04:23 -0700 (PDT)
Received: by 10.101.71.4 with HTTP; Tue, 20 Sep 2011 13:04:23 -0700 (PDT)
In-Reply-To: <201109201521.p8KFLR81001748@fs4113.wdf.sap.corp>
References: <4E77FAF6.90707@extendedsubset.com> <201109201521.p8KFLR81001748@fs4113.wdf.sap.corp>
Date: Tue, 20 Sep 2011 16:04:23 -0400
Message-ID: <CAMm+Lwh47fs7FGRZ0mTFCMDhNZc8nfZ+2UEbKpLNEiYn6DXZpg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: mrex@sap.com
Content-Type: multipart/alternative; boundary="001636ed746443565804ad64f764"
Cc: asteingruebl@paypal-inc.com, tls@ietf.org
Subject: Re: [TLS] Rizzo claims implementation attach, should be interesting
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Sep 2011 20:01:57 -0000
On Tue, Sep 20, 2011 at 11:21 AM, Martin Rex <mrex@sap.com> wrote: > Marsh Ray wrote: > > But why split hairs over it? It breaks a basic security properties of > > the system even if the application designer has done everything > > according to the recommendations in the spec. > > Wrong. I do not believe that it breaks any of the security properties. > It does break some flawed assumptions. > > SSL was NEVER designed with a promise that you could multiplex > data from an evil attack with data from a victim over the very same > SSL connection and be secure against adaptive chose plaintext > attacks trying to recover data from the victim. > SSL came before Javascript and even before cookies. So this is certainly outside the model. Adding AES in CBC mode probably came after the model had been changed though. If we want to avoid this type of attack we should probably change the encryption mode. I don't like stream ciphers in general, but SSL was designed round one and has been extensively verified when a stream cipher is used. >From a design point of view, re-use of the same key to encrypt each block is bad news and turning a block cipher into a stream cipher is bad news. Anyone know why CBC is so popular vs PCBC? -- Website: http://hallambaker.com/
- Re: [TLS] Rizzo claims implementation attach, sho… David Wagner
- [TLS] Rizzo claims implementation attach, should … Tim Dierks
- Re: [TLS] Rizzo claims implementation attach, sho… Peter Gutmann
- Re: [TLS] Rizzo claims implementation attach, sho… =JeffH
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Steingruebl, Andy
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Marsh Ray
- Re: [TLS] Rizzo claims implementation attach, sho… Eric Rescorla
- Re: [TLS] Rizzo claims implementation attach, sho… Eric Rescorla
- Re: [TLS] Rizzo claims implementation attach, sho… Yoav Nir
- Re: [TLS] Rizzo claims implementation attach, sho… Marsh Ray
- Re: [TLS] Rizzo claims implementation attach, sho… Yoav Nir
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Marsh Ray
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Eric Rescorla
- Re: [TLS] Rizzo claims implementation attach, sho… Phillip Hallam-Baker
- Re: [TLS] Rizzo claims implementation attach, sho… Nico Williams
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Marsh Ray
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Geoffrey Keating
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… =JeffH
- Re: [TLS] Rizzo claims implementation attach, sho… Nico Williams
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Nico Williams
- Re: [TLS] Rizzo claims implementation attach, sho… Marsh Ray
- Re: [TLS] Rizzo claims implementation attach, sho… Nico Williams
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Eric Rescorla
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Yngve N. Pettersen
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Yngve N. Pettersen
- Re: [TLS] Rizzo claims implementation attach, sho… Martin Rex
- Re: [TLS] Rizzo claims implementation attach, sho… Yoav Nir