Re: [TLS] TLS 1.3 : small fragments attack

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 30 December 2017 05:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mA05YSDGlHIcZini0oU0LohW4-g>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Jitendra Lulla <lullajd@yahoo.com> writes:

>The client can have a rogue TLS implementation with the following intentional
>changes:
>
>0. Choose CBC with AES256-SHA56 or any other heavier (in terms of processing
>power requirements) and non-parallelizable cipher suite.
>
>1. After the handshake, always send all the TLS records (Application Data)
>plain text fragment size which is no greater than 1 Byte.
>
>2. Always send a padding of max possible or big size (e.g. 256 Bytes)

Apart from (2), that looks like interactive terminal traffic over TLS.  The
large padding may also be naturally sent by an implementation that's trying a
bit too hard to hide typing/traffic patterns.

Peter.
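
The distinction drawn in this message, shown as server-side record accounting. This is an added example and not code from the thread or from any TLS implementation: it assumes the TLS 1.1/1.2 CBC record layout with an HMAC-SHA1 tag, and the function names, thresholds and sample connections are constructed for illustration.

```python
# Added example: CBC record layout as in TLS 1.1/1.2 (explicit IV, MAC-then-pad).
BLOCK = 16      # AES block size in bytes
MAC_LEN = 20    # HMAC-SHA1 tag; assumption, use 32 for HMAC-SHA256 suites

def min_padding(pt_len):
    """Smallest padding (length byte included) that block-aligns pt + MAC."""
    return BLOCK - (pt_len + MAC_LEN) % BLOCK

def max_padding(pt_len):
    """Largest aligned padding; the format caps padding at 256 bytes."""
    return min_padding(pt_len) + 240

def record_stats(records):
    """records: (plaintext_len, padding_len) pairs observed after decryption."""
    n = payload = processed = excess = tiny = 0
    for pt_len, pad_len in records:
        n += 1
        payload += pt_len
        processed += BLOCK + pt_len + MAC_LEN + pad_len  # IV + encrypted body
        excess += pad_len - min_padding(pt_len)
        tiny += pt_len <= 1
    return {
        "cost_per_payload_byte": processed / max(payload, 1),
        "tiny_fraction": tiny / max(n, 1),
        "mean_excess_padding": excess / max(n, 1),
    }

def classify(records, tiny_frac=0.9, excess_limit=64):
    """Thresholds are illustrative assumptions, not values from the thread."""
    s = record_stats(records)
    if s["tiny_fraction"] < tiny_frac:
        return "normal"
    # Tiny records alone match interactive terminal traffic; only sustained
    # excess padding on top of them separates the quoted pattern from typing.
    if s["mean_excess_padding"] >= excess_limit:
        return "small-fragments-with-padding"
    return "interactive"

# Constructed sample connections (not captured traffic).
TERMINAL = [(1, min_padding(1))] * 200
PADDED = [(1, max_padding(1))] * 200
BULK = [(16384, min_padding(16384))] * 200

if __name__ == "__main__":
    for name, recs in (("terminal", TERMINAL), ("padded", PADDED), ("bulk", BULK)):
        print(name, classify(recs), record_stats(recs))
```

A client that pads heavily to hide typing patterns lands in the same bucket as the quoted pattern, so the label is an input to rate limiting or review, not proof of intent.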