Re: [TLS] Comments on TLS identity protection
<home_pw@msn.com> Fri, 29 December 2006 17:52 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0LuC-0007i7-Kc; Fri, 29 Dec 2006 12:52:32 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0LuC-0007i0-71 for tls@ietf.org; Fri, 29 Dec 2006 12:52:32 -0500
Received: from bay0-omc1-s36.bay0.hotmail.com ([65.54.246.108]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H0LuA-0002NU-PT for tls@ietf.org; Fri, 29 Dec 2006 12:52:32 -0500
Received: from hotmail.com ([65.54.174.86]) by bay0-omc1-s36.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 29 Dec 2006 09:52:30 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 29 Dec 2006 09:52:30 -0800
Message-ID: <BAY103-DAV14881C12253AFFE73420B992C60@phx.gbl>
Received: from 69.227.152.254 by BAY103-DAV14.phx.gbl with DAV; Fri, 29 Dec 2006 17:52:29 +0000
X-Originating-IP: [69.227.152.254]
X-Originating-Email: [home_pw@msn.com]
X-Sender: home_pw@msn.com
From: home_pw@msn.com
To: martin.rex@sap.com
References: <200612281259.NAA28445@uw1048.wdf.sap.corp>
Subject: Re: [TLS] Comments on TLS identity protection
Date: Fri, 29 Dec 2006 09:52:43 -0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail desktop 8.0.1223
X-MimeOLE: Produced By Microsoft MimeOLE V8.0.1223
X-OriginalArrivalTime: 29 Dec 2006 17:52:30.0222 (UTC) FILETIME=[1C2B62E0:01C72B72]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
TLS does indeed forbid the _negotiation_ of this defined ciphersuite. (This is why I phrased my claim in terms of SSLv3, which allows it. Furthermore, for a mixed TLS/SSL protocol entity, completeness demands the feature be negotiable, for certain versions) So the claims of all 3 parties are true :-) But we are not yet getting to the crux. Regardless of the modes under which NULL MAC is negotiated/conforming, it exists. It properly exists, furthermore. (A decent conformance checker should be testing for it.) In SSLv3 one can choose to changeCipherSuite to a null encryption and null mac state, and merely use the fragmentation, sequencing and reassembly functions of the SSL protocol machine. (Nothing in SSLv3 states how the seq_num is calculated , note. It can be simple or fancy (provided it starts at zero, when the connection state is initialized or assigned).) In TLS, one can define and negotiate a local ciphersuite that does the same, of course. PC->server does TLS RSA handshake and Netscape privacy-enhanced step-up renegotiation (from Eric's book). Server->PC initiates a tunelled SSL_NULL_WITH_NULL_NULL handshake, to negotiate a SSL_NULL_WITH_NULL_NULL SSL Connection that gives us a record layer protocol with variable-length framing, alerts and the ClientHello-signalled type-extensibility (over a reliable bearer known as the outer TLS Connection). This is all very useful! ----- Original Message ----- From: "Martin Rex" <martin.rex@sap.com> To: <ekr@networkresonance.com> Cc: <home_pw@msn.com>; <tls@ietf.org> Sent: Thursday, December 28, 2006 4:59 AM Subject: Re: [TLS] Comments on TLS identity protection > EKR wrote: >> >> Yes, but TLS explicitly forbids you to negotiate this algorithm >> (i.e., it's only useful for performing the handshake). >> >> TLS_NULL_WITH_NULL_NULL is specified and is the initial state of a >> TLS connection during the first handshake on that channel, but must >> not be negotiated, as it provides no more protection than an >> unsecured connection. >> >> So, it's basically a different way of expressing "do your first >> handshake in the clear". > > TLS_NULL_WITH_NULL_NULL does not provide per-message MAC. > It is sort-of a hack for the SSL protocol engine to cover > the initial phase when there is not yet a shared secret. > > It is OK to use for the messages of the SSL handshake -- which > do not need a per-message MAC as they're protected by the > full handshake MAC of the Finished messages. > > -Martin > _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Kyle Hamilton
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- RE: [TLS] Comments on TLS identity protection Peter Williams
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection Bodo Moeller
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection badra
- RE: [TLS] Comments on TLS identity protection Pasi.Eronen
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Eric Rescorla
- Re: [TLS] Comments on TLS identity protection badra
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection Badra
- Re: [TLS] Comments on TLS identity protection Omirjan Batyrbaev
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection Martin Rex
- RE: [TLS] Comments on TLS identity protection Peter Williams
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection Martin Rex
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw
- Re: [TLS] Comments on TLS identity protection EKR
- Re: [TLS] Comments on TLS identity protection home_pw