Re: [TLS] Also, on client-random and server-random

Adam Langley <agl@google.com> Wed, 03 February 2010 10:16 UTC

Return-Path: <agl@google.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 334C73A6C02 for <tls@core3.amsl.com>; Wed, 3 Feb 2010 02:16:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.977
X-Spam-Level:
X-Spam-Status: No, score=-101.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ih7+v5H92MFs for <tls@core3.amsl.com>; Wed, 3 Feb 2010 02:16:09 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 38AA43A6C01 for <tls@ietf.org>; Wed, 3 Feb 2010 02:16:09 -0800 (PST)
Received: from kpbe14.cbf.corp.google.com (kpbe14.cbf.corp.google.com [172.25.105.78]) by smtp-out.google.com with ESMTP id o13AGngd016719 for <tls@ietf.org>; Wed, 3 Feb 2010 02:16:49 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1265192210; bh=0+HQO4DIS/OD6L0+/0b8PWMd2Zs=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=UCCYPtJvLak9v8wV3HelCPeVuX4rKyarUVaxOe0wIPdaJ3ARjmMLjqs8dCKZUjT4m AcJhIk10hgvh0XBdwbJjQ==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:x-system-of-record; b=x3wQefL0X+t97n33IjTSMP/kskadmDW2OkskK9HB6m3hOx9mlBBeQFjC3MXIwoa13 aOvunz1BKJKK1uYW5vPQA==
Received: from pzk31 (pzk31.prod.google.com [10.243.19.159]) by kpbe14.cbf.corp.google.com with ESMTP id o13AGSKR000301 for <tls@ietf.org>; Wed, 3 Feb 2010 02:16:48 -0800
Received: by pzk31 with SMTP id 31so1311856pzk.1 for <tls@ietf.org>; Wed, 03 Feb 2010 02:16:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.142.202.14 with SMTP id z14mr1404068wff.248.1265192208606; Wed, 03 Feb 2010 02:16:48 -0800 (PST)
In-Reply-To: <3561bdcc1002022022l1734b663wd8cfdb29d9be899@mail.gmail.com>
References: <3561bdcc1002022022l1734b663wd8cfdb29d9be899@mail.gmail.com>
Date: Wed, 3 Feb 2010 05:16:48 -0500
Message-ID: <a84d7bc61002030216p378256b1q308b6d7e8bc84b02@mail.gmail.com>
From: Adam Langley <agl@google.com>
To: Ravi Ganesan <ravi@findravi.com>
Content-Type: text/plain; charset=UTF-8
X-System-Of-Record: true
Cc: tls@ietf.org
Subject: Re: [TLS] Also, on client-random and server-random
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2010 10:16:10 -0000

On Tue, Feb 2, 2010 at 11:22 PM, Ravi Ganesan <ravi@findravi.com> wrote:
> FWIW, in my deconstruction of why these values exist, it seemed to me
> that if you ran the full handshake with only the server-random [...] you were ok

Consider a TLS connection using DH that I just sniffed from the network.

If there's no client random then what stops me from intercepting
future connections from the same client, to the same server and
replaying the server's side to the client? The server random would be
the same, as would the DH value and signature. I think, from a quick
thought experiment, that the master secret would end up the same and
the client would accept it. There's no reason that the client is
required to use a different DH public value.


AGL