Re: [TLS] Changes to draft-ietf-tls-dtls-heartbeat resulting from IESG review

"Dan Harkins" <> Mon, 05 December 2011 17:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1222021F8C53 for <>; Mon, 5 Dec 2011 09:04:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.265
X-Spam-Status: No, score=-6.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9qGkgEXVDp3M for <>; Mon, 5 Dec 2011 09:04:24 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 648E421F8C0D for <>; Mon, 5 Dec 2011 09:04:24 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id 02EA5A88810C; Mon, 5 Dec 2011 09:04:24 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Mon, 5 Dec 2011 09:04:24 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <> <>
Date: Mon, 5 Dec 2011 09:04:24 -0800 (PST)
From: "Dan Harkins" <>
To: "Nikos Mavrogiannopoulos" <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: Re: [TLS] Changes to draft-ietf-tls-dtls-heartbeat resulting from IESG review
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Dec 2011 17:04:25 -0000

On Mon, December 5, 2011 1:37 am, Nikos Mavrogiannopoulos wrote:
> On Mon, Dec 5, 2011 at 7:13 AM, Joe Salowey <>; wrote:
>> Some changes were made to the document as part of IESG review.  The
>> revised document and diffs can be found here:
>> One of the requested changes was to randomize to the data in the
>> heartbeat message to attempt to head of any issues occurring from weak
>> or flawed ciphers.   Since the change was relatively simple, the
>> document was modified even though modern ciphers should not have a
>> problem.  Flaws may be discovered in one of the many cipher suites in
>> the future.
> Are there any papers or cipher documentation discussing how using
> randomized data in a packet would solve possible future cipher flaws?

  Check out "Deterministic Authenticated Encryption"* by Rogaway and
Shrimpton. It defines a cipher mode for key-wrapping but the proof of
security (appendix C) is based on the notion of randomized data in the
packet-- i.e. that part of the data (the key) being wrapped is random.

  They also treat this new cipher mode as a general IV-based authenticated
encryption scheme that has the property of misuse-resistance (section 7).