Re: [TLS] Next steps for draft-agl-tls-padding

Watson Ladd <watsonbladd@gmail.com> Sun, 06 April 2014 21:27 UTC

In-Reply-To: <20140406211750.GA8953@LK-Perkele-VII>
References: <9A043F3CF02CD34C8E74AC1594475C738A3471E5@uxcn10-tdc06.UoA.auckland.ac.nz> <CACsn0c=6j9GTPVkT0pGM4uu8XVmXOEqghU_gjDCVnd92z5kiyA@mail.gmail.com> <20140406211750.GA8953@LK-Perkele-VII>
Date: Sun, 06 Apr 2014 14:27:38 -0700
Message-ID: <CACsn0cm=_pkQeQPMUmcqTWzaP8NvfdpeFPUKCHEy6AikOThv3w@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/nxwayzOgC_yuw5M8SG_LmsDKA74
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Next steps for draft-agl-tls-padding

On Sun, Apr 6, 2014 at 2:17 PM, Ilari Liusvaara
<ilari.liusvaara@elisanet.fi> wrote:
> On Sun, Apr 06, 2014 at 10:51:05AM -0700, Watson Ladd wrote:
>>
>> You mean the text on covert channels? I always thought the way to
>> avoid covert channels was to use implementations that didn't have
>> them. In particular, ECDSA has a covert channel which cannot be
>> closed, and so does OAEP signature.
>
> You mean can't be verifiably closed? Or something else?

All covert channels can be closed by auditing the software. But if I
introduce a leak in the nonce bits of ECDSA that is subtle, or encode
data I want to exfiltrate in the random padding of OAEP, even with the
private key, I cannot detect this.

>
> AFAIK, there is no ECC-based signature primitive that is
> publically deterministic (Ed25519 is no exception to this
> rule).
>
> Of course, ECDSA is rather bad ECC signature scheme as signature
> schemes go...
>
>
> -Ilari

Sincerely,
Watson Ladd


-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
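Added example (not part of the thread, and not code by either correspondent): a toy ECDSA over secp256k1 in Python that makes the two points above concrete. A subverted signer rejection-samples its nonce so that the low bits of r carry bits of the private key; every such signature verifies, and an auditor who holds d can recover each nonce but still has no way to tell it was chosen that way. A simplified HMAC nonce derivation (standing in for RFC 6979, not the RFC's exact procedure) is then used to show that only the key holder can check whether a nonce was derived deterministically; a verifier with the public key alone cannot. The curve arithmetic, the nibble-per-signature encoding, and all messages are constructed for this example.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (standard public constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _mul(k, pt):
    """Double-and-add scalar multiplication (variable-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def _z(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def sign_with_nonce(d, msg, k):
    """Textbook ECDSA with a caller-chosen nonce k in [1, N-1]."""
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (_z(msg) + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another")
    return (r, s)

def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = _add(_mul(_z(msg) * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def honest_sign(d, msg):
    return sign_with_nonce(d, msg, secrets.randbelow(N - 1) + 1)

def subverted_sign(d, msg, leak_bits, width=4):
    """Kleptographic signer: rejection-sample k until the low `width` bits of r
    equal `leak_bits`. The output is a valid signature whose nonce is uniform
    conditioned on those bits, so (r, s) alone does not betray the channel."""
    mask = (1 << width) - 1
    while True:
        sig = sign_with_nonce(d, msg, secrets.randbelow(N - 1) + 1)
        if (sig[0] & mask) == leak_bits:
            return sig

def read_leak(sig, width=4):
    """The intended recipient reads the leaked bits straight off the public signature."""
    return sig[0] & ((1 << width) - 1)

def leak_low_byte(d, msgs):
    """Subverted signatures on ordinary messages leak the low byte of d, one nibble each."""
    return [subverted_sign(d, m, (d >> (4 * i)) & 0xF) for i, m in enumerate(msgs)]

def reassemble_low_byte(sigs):
    return sum(read_leak(s) << (4 * i) for i, s in enumerate(sigs))

def recover_nonce(d, msg, sig):
    """An auditor holding d recovers k = (z + r*d)/s; that says what k was, not whether it was honest."""
    r, s = sig
    return pow(s, -1, N) * (_z(msg) + r * d) % N

def derive_nonce(d, msg):
    """Simplified HMAC nonce derivation standing in for RFC 6979 (not the RFC's
    exact procedure). Deterministic in (d, msg), so the key holder can re-derive it."""
    mac = hmac.new(d.to_bytes(32, "big"), hashlib.sha256(msg).digest(), "sha256").digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1

def deterministic_sign(d, msg):
    return sign_with_nonce(d, msg, derive_nonce(d, msg))

def is_deterministic(d, msg, sig):
    """Needs d: a verifier with only the public key cannot run this check at all."""
    return recover_nonce(d, msg, sig) == derive_nonce(d, msg)
```

Note that `is_deterministic` is exactly the check Watson says auditing cannot deliver for a third party: it requires the private key, and even with it the auditor only learns that this implementation did not use the expected derivation, not that a random-looking nonce was free of an encoding rule. That is the sense in which no ECC signature is "publicly deterministic".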