Re: [TLS] TLS1.3
Scott Schmit <i.grok@comcast.net> Sat, 16 February 2013 03:13 UTC
Return-Path: <i.grok@comcast.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3505411E80A3 for <tls@ietfa.amsl.com>; Fri, 15 Feb 2013 19:13:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.437
X-Spam-Level:
X-Spam-Status: No, score=-100.437 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kyJ-QODXd3OU for <tls@ietfa.amsl.com>; Fri, 15 Feb 2013 19:13:17 -0800 (PST)
Received: from qmta04.westchester.pa.mail.comcast.net (qmta04.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:43:76:96:62:40]) by ietfa.amsl.com (Postfix) with ESMTP id 600D221F8444 for <tls@ietf.org>; Fri, 15 Feb 2013 19:13:17 -0800 (PST)
Received: from omta21.westchester.pa.mail.comcast.net ([76.96.62.72]) by qmta04.westchester.pa.mail.comcast.net with comcast id 0r2q1l0021ZXKqc54rDGnV; Sat, 16 Feb 2013 03:13:16 +0000
Received: from odin.ulthar.us ([IPv6:2001:470:8c86:0:225:64ff:fe8b:c2f2]) by omta21.westchester.pa.mail.comcast.net with comcast id 0rDE1l00b2Ekl483hrDGA1; Sat, 16 Feb 2013 03:13:16 +0000
Received: from odin.ulthar.us (localhost [127.0.0.1]) by odin.ulthar.us (8.14.5/8.14.5) with ESMTP id r1G3DDIA021164 for <tls@ietf.org>; Fri, 15 Feb 2013 22:13:13 -0500
Received: (from draco@localhost) by odin.ulthar.us (8.14.5/8.14.5/Submit) id r1G3DCuB021163 for tls@ietf.org; Fri, 15 Feb 2013 22:13:12 -0500
Date: Fri, 15 Feb 2013 22:13:12 -0500
From: Scott Schmit <i.grok@comcast.net>
To: tls@ietf.org
Message-ID: <20130216031312.GA21026@odin.ulthar.us>
Mail-Followup-To: tls@ietf.org
References: <20130211152934.ED58A1A542@ld9781.wdf.sap.corp> <20130211153327.6EE941A546@ld9781.wdf.sap.corp>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="gBBFr7Ir9EOA20Yy"
Content-Disposition: inline
In-Reply-To: <20130211153327.6EE941A546@ld9781.wdf.sap.corp>
User-Agent: Mutt/1.5.21 (2010-09-15)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20121106; t=1360984396; bh=+lpOVlWv7tbv5C9M9XZ84Q1qVRH2TKv6VhcdI4lguwE=; h=Received:Received:Received:Received:Date:From:To:Subject: Message-ID:MIME-Version:Content-Type; b=ZqoFLQCavTY7stftyJ5PSMZVarn2V9xxGqs2Stu3x+c1QeQzcU6ILVoOLzdLpVtI0 Si/nmOdREVcIsbW/6nHFsTy/VuwxkJcMw7fybNgx89pJMYvdo6mq0Zyu9Ja1IQryrs PTm/45UKU6v7LsYhEgBKkHKSD++6qU0lV7iv7V7qfQ0zio3XfL8lIqGyuTTcrhgAqP VLK+aR/ib1ZG0leHWCEgTBDS5RAYjbIEwirstSRPc2Ad9EnY+w93FuatagnXnwE7pd YbMR0czMQ9lD1Ts6VJvL9yyGNRaes9opsFEtMmM7maxrNT0Ag6+WDAF0nAU1iLWVS5 IqutJGkYpuDbA==
Subject: Re: [TLS] TLS1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Feb 2013 03:13:18 -0000
On Mon, Feb 11, 2013 at 04:33:27PM +0100, Martin Rex wrote: > Martin Rex wrote: > > > >When the encryption scheme that is used is bijective, then it > > > >will not matter (to the confidentiality of the encryption) > > > >whether AtE or EtA is used, as long as authentication covers the > > > >exact same information in both cases, i.e. *ALL* of it, padding > > > >included. > > > > > > However you do need to to MAC the IV. > > > > Correct. > > Re-thinking it, I believe it would be OK to _not_ cover the CBC-IV in > the AtE, while you *MUST* cover the IV in the EtA case. Look at the CBC decrypt operation again. If I can modify the IV, I can modify the first block of your plaintext. So much for authentication... -- Scott Schmit
- Re: [TLS] TLS1.3 Peter Gutmann
- [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] TLS1.3 Eric Rescorla
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] TLS1.3 Paterson, Kenny
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Eric Rescorla
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Dan Harkins
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Peter Gutmann
- Re: [TLS] TLS1.3 Peter Gutmann
- Re: [TLS] TLS1.3 Peter Gutmann
- Re: [TLS] TLS1.3 Peter Gutmann
- Re: [TLS] TLS1.3 Yoav Nir
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 David McGrew (mcgrew)
- Re: [TLS] TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] TLS1.3 Paterson, Kenny
- Re: [TLS] TLS1.3 Martin Rex
- Re: [TLS] TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] TLS1.3 Peter Gutmann
- Re: [TLS] TLS1.3 Martin Rex
- Re: [TLS] TLS1.3 Peter Gutmann
- Re: [TLS] TLS1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Paterson, Kenny
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Paterson, Kenny
- Re: [TLS] TLS1.3 Yoav Nir
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Lewis, Nick
- Re: [TLS] TLS1.3 Yoav Nir
- Re: [TLS] TLS1.3 Nikos Mavrogiannopoulos
- Re: [TLS] TLS1.3 Martin Rex
- Re: [TLS] TLS1.3 Nico Williams
- Re: [TLS] TLS1.3 Martin Rex
- Re: [TLS] TLS1.3 Russ Housley
- Re: [TLS] TLS1.3 Wan-Teh Chang
- Re: [TLS] TLS1.3 Scott Schmit
- Re: [TLS] TLS1.3 Martin Rex
- Re: [TLS] TLS1.3 Scott Schmit
- Re: [TLS] TLS1.3 Peter Gutmann