Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 15 December 2017 19:25 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS
Thread-Index: AQHTdSqavAlrna8BzEyYxpCWE2aK26NDc+uAgAAd44CAAARHAIAAATeAgADhAoCAAAcvAIAAL3IAgAAF0ACAAAGYgIAAAKyAgAAFUACAAADZAIAAA3iAgAAGwACAAAHlUA==
Date: Fri, 15 Dec 2017 19:25:20 +0000
Message-ID: <MWHPR21MB0189419E69BD53F735C55FFC8C0B0@MWHPR21MB0189.namprd21.prod.outlook.com>
References: <20171215020116.04f9ae15@pc1> <CAAF6GDe79w9XH1GrGvvR-+=uEKfi6GczacUX3Jhy0dL_zW67-Q@mail.gmail.com> <20171215143057.GA17121@LK-Perkele-VII> <MWHPR21MB01897F29048C1B2AB66EA7488C0B0@MWHPR21MB0189.namprd21.prod.outlook.com> <20171215174628.GA17601@LK-Perkele-VII> <CABcZeBOsL0a0xHvVWEus_EY3mUNioaV9fsz89Gt+HeqdHpoyDw@mail.gmail.com> <CACsn0ckYPpp5nD2jj4Zmx=ZJvqWzHW0tmmXo-9JeKL45+pRUqw@mail.gmail.com> <CABcZeBPPozOsTxxJO63RmHwTr56Wucx6OYW=kvvhosRUHR1ctA@mail.gmail.com> <20171215183424.GA17780@LK-Perkele-VII> <MWHPR21MB01893A20A8D0812E880926568C0B0@MWHPR21MB0189.namprd21.prod.outlook.com> <20171215184951.GB17780@LK-Perkele-VII> <DM5PR14MB1289FA656DB8D87DCA0B355F830B0@DM5PR14MB1289.namprd14.prod.outlook.com>
In-Reply-To: <DM5PR14MB1289FA656DB8D87DCA0B355F830B0@DM5PR14MB1289.namprd14.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lWYHEr8NhjzAa4svagabri6ItqE>

> Ideally, you'd want certificates to be able to have two signatures during
> the transition period, in order to support clients who have transitioned and
> those who have not.

> Hosting multiple certificates and switching based on the client is feasible,
> but requires some technical wizardry and isn't possible in all situations.

For my understanding, why is the former (double-signed certs, where either signature is trusted) better than the latter (multiple certs with different algorithms)?
The latter is currently supported by some TLS servers.

Cheers,

Andrei
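The "multiple certs with different algorithms" approach referred to above amounts to the server choosing a chain from the client's signature_algorithms (and, in TLS 1.3, signature_algorithms_cert) extension. The following is an added example of that selection logic, not code from this thread, from Microsoft or from any TLS server; the code points are the IANA SignatureScheme values from RFC 8446 section 4.2.3, while the chains, the client offers and the extension bytes are constructed for the example.

```python
"""Certificate chain selection by client-advertised signature schemes.

Added example. Models the "multiple certificates, switch per client" deployment.
Code points are IANA TLS SignatureScheme values (RFC 8446 section 4.2.3); the
certificate chains, client offers and extension bytes are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Sequence

# IANA SignatureScheme code points (RFC 8446 section 4.2.3).
RSA_PKCS1_SHA256 = 0x0401
ECDSA_SECP256R1_SHA256 = 0x0403
RSA_PSS_RSAE_SHA256 = 0x0804
ED25519 = 0x0807


@dataclass(frozen=True)
class CertChain:
    """A server certificate chain as seen by the selection logic (constructed)."""
    name: str               # label only
    key_type: str           # leaf key type: "rsa", "ecdsa-p256" or "ed25519"
    issuer_sig_scheme: int  # scheme the CA used to sign the leaf certificate


# Schemes a leaf key of each type can produce in CertificateVerify.
KEY_TO_SCHEMES: Dict[str, FrozenSet[int]] = {
    "rsa": frozenset({RSA_PSS_RSAE_SHA256, RSA_PKCS1_SHA256}),
    "ecdsa-p256": frozenset({ECDSA_SECP256R1_SHA256}),
    "ed25519": frozenset({ED25519}),
}


def parse_signature_algorithms(body: bytes) -> List[int]:
    """Parse the body of a signature_algorithms / signature_algorithms_cert
    extension: a 2-byte vector length followed by 2-byte SignatureScheme values.
    Rejects truncated, empty or odd-length vectors."""
    if len(body) < 2:
        raise ValueError("extension body shorter than its length field")
    length = int.from_bytes(body[:2], "big")
    if length == 0 or length % 2 or len(body) != 2 + length:
        raise ValueError("malformed supported_signature_algorithms vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(2, 2 + length, 2)]


def select_chain(client_sig_algs: Sequence[int], chains: Sequence[CertChain],
                 client_sig_algs_cert: Optional[Sequence[int]] = None,
                 default: Optional[CertChain] = None) -> Optional[CertChain]:
    """Return the first chain, in server preference order, the client can use.

    A chain is usable when (a) the client listed a scheme the leaf key can
    produce for CertificateVerify and (b) the client listed the scheme the CA
    used on the leaf in signature_algorithms_cert (or, if that extension is
    absent, in signature_algorithms). If nothing matches, return `default`:
    RFC 8446 section 4.4.2.2 says the server SHOULD continue with a chain of
    its choice and let the client decide.
    """
    verify_algs = set(client_sig_algs)
    cert_algs = set(client_sig_algs_cert) if client_sig_algs_cert is not None else verify_algs
    for chain in chains:
        if chain.issuer_sig_scheme not in cert_algs:
            continue
        if not (KEY_TO_SCHEMES[chain.key_type] & verify_algs):
            continue
        return chain
    return default


# Constructed server configuration: ECDSA preferred, RSA kept for older clients.
ECDSA_CHAIN = CertChain("example-ecdsa-p256", "ecdsa-p256", ECDSA_SECP256R1_SHA256)
RSA_CHAIN = CertChain("example-rsa-2048", "rsa", RSA_PKCS1_SHA256)
SERVER_CHAINS: Sequence[CertChain] = (ECDSA_CHAIN, RSA_CHAIN)

# Constructed extension bodies as they would appear in a ClientHello.
MODERN_CLIENT = bytes.fromhex("0006" "0403" "0804" "0401")  # ecdsa, rsa-pss, rsa-pkcs1
LEGACY_CLIENT = bytes.fromhex("0002" "0401")                # rsa-pkcs1 only


def pick_for_client(sig_algs_body: bytes,
                    sig_algs_cert_body: Optional[bytes] = None) -> CertChain:
    """Parse the extension bytes and select a chain, falling back to RSA."""
    sig_algs = parse_signature_algorithms(sig_algs_body)
    cert_algs = parse_signature_algorithms(sig_algs_cert_body) if sig_algs_cert_body else None
    return select_chain(sig_algs, SERVER_CHAINS, cert_algs, default=RSA_CHAIN)


if __name__ == "__main__":
    print(pick_for_client(MODERN_CLIENT).name)  # example-ecdsa-p256
    print(pick_for_client(LEGACY_CLIENT).name)  # example-rsa-2048
```

The two-extension check matters in practice: a client may accept an ECDSA CertificateVerify but only trust RSA-signed certificates (or the reverse), and a server that keys its choice off signature_algorithms alone can hand such a client an unverifiable chain.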