Re: [TLS] Duong and Rizzo, the actual attack
Florian Weimer <fweimer@bfk.de> Sat, 01 October 2011 16:19 UTC
From: Florian Weimer <fweimer@bfk.de>
To: Eric Rescorla <ekr@rtfm.com>
References: <F6D1CEF0-0859-4DD2-A22E-CF8CDDF7E629@vpnc.org> <CABcZeBOw8SveKsQzK2oCY62n75XuQC3XVr-e5WJpC4a9Pe-C7g@mail.gmail.com>
Date: Sat, 01 Oct 2011 16:22:41 +0000
In-Reply-To: <CABcZeBOw8SveKsQzK2oCY62n75XuQC3XVr-e5WJpC4a9Pe-C7g@mail.gmail.com> (Eric Rescorla's message of "Fri, 23 Sep 2011 18:00:10 -0700")
Message-ID: <82sjncsmum.fsf@mid.bfk.de>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, tls@ietf.org

* Eric Rescorla:

> I'm also not Adam Langley, but here's my writeup:
> http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html

I think a semi-passive eavesdropper (which is present under this threat model) can bypass the same-origin protection in practically all cases. An attacker which can route requests through the browser and can otherwise only observe traffic, but not inject it, seems a rather unrealistic scenario to me. If you can observe traffic, clairvoyant DNS spoofing should be possible, and with that, SOP falls completely.

The Oracle browser plugin for Java some folks seem to concentrate on is probably not that relevant.

Anyway, is there a full writeup? The copies of the paper I've seen still have many blank sections.

--
Florian Weimer <fweimer@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99

- [TLS] Duong and Rizzo, the actual attack Paul Hoffman
- Re: [TLS] Duong and Rizzo, the actual attack Eric Rescorla
- Re: [TLS] Duong and Rizzo, the actual attack Florian Weimer