Re: [TLS] WGLC: draft-ietf-tls-session-hash

Stephen Checkoway <s@pahtak.org> Mon, 24 November 2014 00:12 UTC

From: Stephen Checkoway <s@pahtak.org>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Date: Sun, 23 Nov 2014 19:12:47 -0500
In-Reply-To: <E3E12F78-101D-4BA8-9EFB-53C24362066E@ieca.com>
Message-Id: <0AD24619-98DE-4D23-922A-E856B7B5B279@pahtak.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/j3ZVo6F7pKKxypge10kcRfQAVrI

On Nov 23, 2014, at 2:49 PM, Sean Turner <turners@ieca.com> wrote:

> This is the working group last call for http://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/.  Please review the document and send your comments to the list by Friday, December 12, 2014.  

Minor editorial comments:

   Synchronization of the "verify_data" in abbreviated handshakes also
   undermines the security guarantees of the renegotiation indication
   extension [RFC5746], re-enabling a prefix-injection flaw similar to
   the renegotiation attack [Ray09].  However, in a triple handshake
   attack, the client sees the server certificate changing across
   different full handshakes.  Hence, a precondition to mount this stage
   of the attack is that the client accepts different certificates at
   each handshake, even if their common names do not match.  Before the
   triple handshake attack was discovered, this used to be widespread
   behavior, at least among some web browsers, that where hence
   vulnerable to the attack.

1. I think it should be "...accepts different certificates _for_ each handshake..."
2. I'm not entirely sure what the final sentence is saying. It doesn't make sense for "the attack" to refer to the triple handshake attack (which is the most recently mentioned attack). Is it saying that browsers were vulnerable to a prefix-injection attack à la the renegotiation attack (which is referred to as a flaw rather than attack in the paragraph)?
3. "that where hence" should be something else, but I'm not sure what exactly that sentence means.

-- 
Stephen Checkoway
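As an added illustration of the mechanism the quoted draft paragraph is about (this is not code from the message, the draft, or any TLS implementation), the Python below computes the RFC 5246 master secret and the draft's extended master secret (in the form later published as RFC 7627: PRF over the session hash) for two constructed handshake transcripts that share pre_master_secret and randoms but differ in the server certificate. The transcripts are placeholder byte strings rather than real TLS encodings, and the session hash is simply SHA-256 over them; those are assumptions made for the example.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 data expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 master secret: depends only on pre_master_secret and the two randoms."""
    return prf(pms, b"master secret", client_random + server_random, 48)


def extended_master_secret(pms: bytes, session_hash: bytes) -> bytes:
    """draft-ietf-tls-session-hash / RFC 7627 master secret: bound to the handshake transcript."""
    return prf(pms, b"extended master secret", session_hash, 48)


def compare_transcripts() -> dict:
    # Constructed inputs modelling the draft's precondition: two full handshakes that
    # end up with identical pre_master_secret and randoms but different server certificates.
    pms = b"\x00" * 48
    client_random, server_random = b"\x11" * 32, b"\x22" * 32
    # Placeholder transcripts (not real TLS encodings); the session hash covers every
    # handshake message up to and including ClientKeyExchange, so it covers the Certificate.
    transcript_a = b"ClientHello|ServerHello|Certificate=CN=a.example|ClientKeyExchange"
    transcript_b = b"ClientHello|ServerHello|Certificate=CN=b.example|ClientKeyExchange"
    hash_a, hash_b = (hashlib.sha256(t).digest() for t in (transcript_a, transcript_b))
    legacy_a = legacy_master_secret(pms, client_random, server_random)
    legacy_b = legacy_master_secret(pms, client_random, server_random)
    ext_a = extended_master_secret(pms, hash_a)
    ext_b = extended_master_secret(pms, hash_b)
    return {
        "legacy_synchronized": legacy_a == legacy_b,  # True: the certificate is not bound in
        "extended_synchronized": ext_a == ext_b,      # False: the session hashes differ
    }


if __name__ == "__main__":
    print(compare_transcripts())
```

Because the extended master secret differs whenever the transcript differs, the verify_data of the two handshakes can no longer coincide, which is the property the renegotiation indication extension relies on.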