Re: [TLS] Preventing cross-protocol attacks in TLS protocol

Nikos Mavrogiannopoulos <nmav@gnutls.org> Fri, 01 June 2012 09:38 UTC

On Thu, May 17, 2012 at 9:52 PM, Marsh Ray <marsh@extendedsubset.com> wrote:

> I think this is a good robustness improvement to the protocol and may bring
> other benefits. I actually considered including a very similar change in
> draft-ray-encrypted-handshake, but did not do so primarily due to scope.
> However, draft-mavrogiannopoulos-tls-server-key-exchage does not protect
> against the attack described.

I have improved the document to handle the case where both server and
client support the extension but the client does not require it to be
present. This comes at the cost of reducing the server random bytes to
28.

http://www.ietf.org/id/draft-mavrogiannopoulos-tls-cross-protocol-00.txt

regards,
Nikos