IETF Logo Mail Archive

Re: [TLS] Kill Finished (and other tricks for hardware)

Henrick Hellström <henrick@streamsec.se> Fri, 18 April 2014 15:17 UTC

Return-Path: <henrick@streamsec.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 202671A01EF for <tls@ietfa.amsl.com>; Fri, 18 Apr 2014 08:17:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.15
X-Spam-Level:
X-Spam-Status: No, score=0.15 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id slUS5yx67p7S for <tls@ietfa.amsl.com>; Fri, 18 Apr 2014 08:17:29 -0700 (PDT)
Received: from vsp4.ballou.se (vsp4.ballou.se [91.189.40.102]) by ietfa.amsl.com (Postfix) with SMTP id C71851A01AF for <tls@ietf.org>; Fri, 18 Apr 2014 08:17:28 -0700 (PDT)
Received: from nmail1.ballou.se (unknown [10.0.0.116]) by vsp4.ballou.se (Halon Mail Gateway) with ESMTP for <tls@ietf.org>; Fri, 18 Apr 2014 17:14:22 +0200 (CEST)
Received: from [192.168.0.195] (c-a2c1e555.06-134-73746f39.cust.bredbandsbolaget.se [85.229.193.162]) (Authenticated sender: henrick@streamsec.se) by nmail1.ballou.se (Postfix) with ESMTPSA id 2031B1DEB7 for <tls@ietf.org>; Fri, 18 Apr 2014 17:17:23 +0200 (CEST)
Message-ID: <535141E7.2000001@streamsec.se>
Date: Fri, 18 Apr 2014 17:16:55 +0200
From: Henrick Hellström <henrick@streamsec.se>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: tls@ietf.org
References: <CACsn0cm7CU3HBOY-m90+HwGBuw+nZ7vyqRdHZcfDjw7wiTmDMw@mail.gmail.com> <5350BF46.7000608@pobox.com>
In-Reply-To: <5350BF46.7000608@pobox.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/gV4q6rIQCxkA24MbWYjfIj2ggQU
Subject: Re: [TLS] Kill Finished (and other tricks for hardware)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: henrick@streamsec.se
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 15:17:31 -0000

On 2014-04-18 07:59, Michael D'Errico wrote:
> This is a much weaker failure indication than checking the Finished
> messages, so I'd prefer to keep them.  Can you think of an alternate
> construction for the Finished message that doesn't use the PRF?

Indeed. The client (being the last peer of the connection to send a 
random handshake message, and being in a position to pick the 
pre_master_secret) will have a quadratically improved chance of picking 
a specific master_secret.

v2.23.0 | Report a Bug | By Email