Re: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix

"Steven M. Bellovin" <smb@cs.columbia.edu> Mon, 27 November 2006 19:52 UTC

Date: Mon, 27 Nov 2006 14:52:31 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Blumenthal, Uri" <uri.blumenthal@intel.com>
Subject: Re: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix
In-Reply-To: <279DDDAFA85EC74C9300A0598E704056FE74AC@hdsmsx412.amr.corp.intel.com>
References: <279DDDAFA85EC74C9300A0598E704056FE74AC@hdsmsx412.amr.corp.intel.com>
Organization: Columbia University
Message-Id: <20061127195231.325A23C06EB@berkshire.machshav.com>
Cc: TLS@lists.ietf.org

On Mon, 27 Nov 2006 14:31:04 -0500
"Blumenthal, Uri" <uri.blumenthal@intel.com> wrote:

> >> SSLv3 used a variant of the original HMAC (pre-2104).
> >> IIRC, SSLv2 didn't use HMAC and *did* have an extension
> >> attack, but that's hardly our problem at this point.
> >
> > But does SSL v2 have the length field protection
> > (as we discussed) against an extension attack?
> > Can somebody send me the function used in SSL v2?
> 
> As SSLv2 is a technically-dead protocol (that is not thrown out from
> the code only for compatibility reasons), how relevant is it now???
> 
Agreed.  SSLv2 has other flaws beyond that.  Besides, if memory serves,
IE7 doesn't include it, which means that it's quite irrelevant going
forward.

Finally -- we're defining TLS versions; we're not trying to repair
flaws in SSLv2 or even v3.  I don't see the relevance of the question
to this WG.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
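
As an added example, not part of this message or of any SSL/TLS implementation, the following Python builds the RFC 2104 envelope construction named in the subject line directly from the hash primitive and cross-checks it against the standard library's hmac module. The prefix_mac function is included only as the contrasting H(K || msg) construction the thread refers to, and the message and key values are constructed sample inputs.

```python
import hashlib
import hmac


def rfc2104_hmac(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """Envelope MAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg)).

    The inner hash absorbs the message and the outer hash re-keys its
    digest, so the tag is never the bare chaining state of a hash that
    ended on the message.
    """
    block = hashlib.new(hash_name).block_size   # 64 for SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block:                        # RFC 2104: over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")             # shorter keys are zero-padded to a block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def prefix_mac(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """The keyed-prefix construction H(K || msg) the thread contrasts with HMAC.

    Its tag is exactly the hash's final chaining state, which is why this
    shape gives no structural extension resistance and must lean on an
    authenticated length field instead.
    """
    return hashlib.new(hash_name, key + msg).digest()


def verify_hmac(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Constant-time comparison of a received tag with a freshly computed one."""
    return hmac.compare_digest(rfc2104_hmac(key, msg, hash_name), tag)


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-rolled envelope against Python's hmac module."""
    return rfc2104_hmac(key, msg, hash_name) == hmac.new(key, msg, hash_name).digest()


if __name__ == "__main__":
    # Constructed inputs covering the three key-length cases RFC 2104 distinguishes.
    msg = b"client finished"
    for key in (b"short key", b"k" * 64, b"x" * 100):
        tag = rfc2104_hmac(key, msg)
        print(len(key), matches_stdlib(key, msg), verify_hmac(key, msg, tag))
```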

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls