Re: [TLS] WGLC: draft-ietf-tls-session-hash
Stephen Checkoway <s@pahtak.org> Mon, 24 November 2014 00:12 UTC
From: Stephen Checkoway <s@pahtak.org>
In-Reply-To: <E3E12F78-101D-4BA8-9EFB-53C24362066E@ieca.com>
Date: Sun, 23 Nov 2014 19:12:47 -0500
Message-Id: <0AD24619-98DE-4D23-922A-E856B7B5B279@pahtak.org>
References: <E3E12F78-101D-4BA8-9EFB-53C24362066E@ieca.com>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/j3ZVo6F7pKKxypge10kcRfQAVrI
On Nov 23, 2014, at 2:49 PM, Sean Turner <turners@ieca.com> wrote:

> This is the working group last call for http://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/. Please review the document and send your comments to the list by Friday, December 12, 2014.

Minor editorial comments:

   Synchronization of the "verify_data" in abbreviated handshakes also
   undermines the security guarantees of the renegotiation indication
   extension [RFC5746], re-enabling a prefix-injection flaw similar to
   the renegotiation attack [Ray09]. However, in a triple handshake
   attack, the client sees the server certificate changing across
   different full handshakes. Hence, a precondition to mount this stage
   of the attack is that the client accepts different certificates at
   each handshake, even if their common names do not match. Before the
   triple handshake attack was discovered, this used to be widespread
   behavior, at least among some web browsers, that where hence
   vulnerable to the attack.

1. I think it should be "...accepts different certificates _for_ each handshake..."

2. I'm not entirely sure what the final sentence is saying. It doesn't make sense for "the attack" to refer to the triple handshake attack (which is the most recently mentioned attack). Is it saying that browsers were vulnerable to a prefix-injection attack à la the renegotiation attack (which is referred to as a flaw rather than attack in the paragraph)?

3. "that where hence" should be something else, but I'm not sure what exactly that sentence means.

-- 
Stephen Checkoway
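Editorial note: the excerpt above turns on one mechanism, namely that two full handshakes with different server certificates can still end up with the same master secret, and therefore the same Finished verify_data on resumption. The following Python is an added illustration of that point; it is not code from draft-ietf-tls-session-hash, from Stephen Checkoway's message, or from any TLS stack. The PRF follows RFC 5246 and the two master-secret formulas follow RFC 5246 and RFC 7627 (the published session-hash draft); the "transcripts", key material, and function names (`p_sha256`, `triple_handshake_demo`, and so on) are constructed placeholders rather than real TLS message encodings.

```python
"""Toy TLS 1.2 master-secret derivation showing why the session hash matters.

Added example for this page, not code from draft-ietf-tls-session-hash, from
Stephen Checkoway's message, or from any TLS implementation. The PRF and the
two master-secret formulas follow RFC 5246 and RFC 7627; the "handshake
transcripts" below are constructed placeholder byte strings, not real TLS
message encodings, and the key material is made up.
"""
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 (RFC 5246, section 5): iterate A(i) = HMAC(secret, A(i-1))
    and concatenate HMAC(secret, A(i) + seed) until enough output is produced."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246: depends only on the premaster secret and the two randoms."""
    return prf(pms, b"master secret", client_random + server_random, 48)


def extended_master_secret(pms: bytes, handshake_messages: bytes) -> bytes:
    """RFC 7627: seeded with the session hash, i.e. the hash of every handshake
    message up to and including ClientKeyExchange, so the certificate is bound in."""
    session_hash = hashlib.sha256(handshake_messages).digest()
    return prf(pms, b"extended master secret", session_hash, 48)


def finished_verify_data(master_secret: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """RFC 5246 Finished: PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    return prf(master_secret, label, hashlib.sha256(handshake_messages).digest(), 12)


def triple_handshake_demo() -> dict:
    """Model the first two handshakes of a triple handshake attack with RSA key
    exchange: the attacker A forwards the client random and server random between
    the client<->A and A<->server connections and re-encrypts the same premaster
    secret to the server, so the only difference between the two transcripts is
    the certificate each peer presented. All values are constructed."""
    pms = bytes.fromhex("0303" + "11" * 46)          # 48-byte RSA premaster secret
    client_random = bytes.fromhex("aa" * 32)
    server_random = bytes.fromhex("bb" * 32)

    # Placeholder transcripts (not real TLS encodings): same randoms, different cert.
    common_prefix = b"ClientHello:" + client_random + b"ServerHello:" + server_random
    transcript_client_attacker = common_prefix + b"Certificate:attacker" + b"ClientKeyExchange"
    transcript_attacker_server = common_prefix + b"Certificate:server" + b"ClientKeyExchange"

    legacy_ca = legacy_master_secret(pms, client_random, server_random)
    legacy_as = legacy_master_secret(pms, client_random, server_random)
    ems_ca = extended_master_secret(pms, transcript_client_attacker)
    ems_as = extended_master_secret(pms, transcript_attacker_server)

    # Abbreviated (resumption) handshake: no certificate is sent, so the attacker can
    # make the two resumed transcripts identical by forwarding the new randoms too.
    resumed = b"ClientHello:" + bytes.fromhex("cc" * 32) + b"ServerHello:" + bytes.fromhex("dd" * 32)
    vd_legacy_ca = finished_verify_data(legacy_ca, b"client finished", resumed)
    vd_legacy_as = finished_verify_data(legacy_as, b"client finished", resumed)
    vd_ems_ca = finished_verify_data(ems_ca, b"client finished", resumed)
    vd_ems_as = finished_verify_data(ems_as, b"client finished", resumed)

    return {
        # Legacy derivation: both connections end up with the same master secret ...
        "legacy_master_secret_equal": legacy_ca == legacy_as,
        # ... and therefore the same Finished.verify_data on resumption, which is
        # exactly the synchronization that defeats the RFC 5746 binding.
        "legacy_verify_data_equal": vd_legacy_ca == vd_legacy_as,
        # Extended master secret: the differing certificates change the session hash,
        # so the master secrets and the resumed verify_data values diverge.
        "ems_equal": ems_ca == ems_as,
        "ems_verify_data_equal": vd_ems_ca == vd_ems_as,
    }


if __name__ == "__main__":
    for name, value in triple_handshake_demo().items():
        print(f"{name}: {value}")
```

Running the script prints True for the two legacy comparisons and False for the two extended-master-secret comparisons: with the legacy derivation the attacker's ability to synchronize premaster secret and randoms is enough to synchronize verify_data across the resumed connections, while binding the session hash into the master secret makes the differing certificates show up in every later value, which is the property the draft adds.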