IETF Logo Mail Archive

Re: [TLS] Rizzo claims implementation attach, should be interesting

Eric Rescorla <ekr@rtfm.com> Tue, 20 September 2011 15:25 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77EF221F8CB8 for <tls@ietfa.amsl.com>; Tue, 20 Sep 2011 08:25:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.906
X-Spam-Level:
X-Spam-Status: No, score=-102.906 tagged_above=-999 required=5 tests=[AWL=0.071, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H0ux6921h+cd for <tls@ietfa.amsl.com>; Tue, 20 Sep 2011 08:25:29 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id C19F021F8CAB for <tls@ietf.org>; Tue, 20 Sep 2011 08:25:28 -0700 (PDT)
Received: by wyg24 with SMTP id 24so726864wyg.31 for <tls@ietf.org>; Tue, 20 Sep 2011 08:27:54 -0700 (PDT)
Received: by 10.227.165.202 with SMTP id j10mr1098121wby.18.1316532474243; Tue, 20 Sep 2011 08:27:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.55.82 with HTTP; Tue, 20 Sep 2011 08:27:34 -0700 (PDT)
In-Reply-To: <201109201521.p8KFLR81001748@fs4113.wdf.sap.corp>
References: <4E77FAF6.90707@extendedsubset.com> <201109201521.p8KFLR81001748@fs4113.wdf.sap.corp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 20 Sep 2011 08:27:34 -0700
Message-ID: <CABcZeBOEa-H38859XTnUbNYYYEOzBGF7RJseCQ8ZWBbHthGbFA@mail.gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset="ISO-8859-1"
Cc: asteingruebl@paypal-inc.com, tls@ietf.org
Subject: Re: [TLS] Rizzo claims implementation attach, should be interesting
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Sep 2011 15:25:29 -0000

On Tue, Sep 20, 2011 at 8:21 AM, Martin Rex <mrex@sap.com> wrote:
> Marsh Ray wrote:
>>
>> I've not been told the details of Duong and Rizzo's attack and haven't
>> seen "the BEAST" in action yet, so I'm not sure if that would be
>> sufficient to fix CBC in TLS 1.0. I am slightly annoyed at these guys
>> for dribbling out the information one hint at a time like this.
>
> The "ekoparty conference" is 21-23 Sep., and usually if you get a
> paper accepted for a conference, you're not supposed to publish
> before the conference...

For what it's worth, that's not the convention in most academic security
conferences I've been involved with (e.g., USENIX Security, ISOC NDSS,
IEEE Oakland). Indeed, it's common to see papers submitted (i.e.,
not even accepted!) that have already been distributed on the author's
web sites. I don't know what the rules for ekoparty are, however.

-Ekr

v2.23.0 | Report a Bug | By Email