Re: [TLS] Issue 49: Finished.verify length

Mike <mike-list@pobox.com> Fri, 14 September 2007 05:38 UTC

> As I recall, the truncation was intended to *increase* security,
> because it leaked less information about the MS to an active
> attacker.

Well, the Finished message follows ChangeCipherSpec, so it is
encrypted when the attacker receives it.  I was thinking about
the other direction where the attacker convinces you (via his
Finished message) that a session has been established, making
you think it's ok to send your sensitive information, which
he can then work offline to try to decode.  His Finished
message would also have to be correctly encrypted and MAC'ed,
so I imagine it would be extremely difficult to forge in any
case....

Mike

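Added example, not part of the message above: a sketch of how the truncated Finished verify_data is derived and checked, assuming the TLS 1.2 form from RFC 5246 (P_SHA256 PRF, 12-byte default length). The master secret and transcript are constructed sample values, and the record-layer encryption and MAC that the message mentions are not modelled here.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest() # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def verify_data(master_secret: bytes, label: bytes, transcript: bytes,
                length: int = 12) -> bytes:
    """PRF(master_secret, label, Hash(handshake_messages))[0..length-1]."""
    seed = label + hashlib.sha256(transcript).digest()
    return p_sha256(master_secret, seed, length)

def check_finished(master_secret: bytes, label: bytes, transcript: bytes,
                   received: bytes, length: int = 12) -> bool:
    """Recompute the peer's verify_data and compare in constant time.

    The expected length is fixed by the receiver, never taken from the
    received value, so a short or empty field cannot pass the check.
    """
    expected = verify_data(master_secret, label, transcript, length)
    return hmac.compare_digest(expected, received)

# Constructed sample values (not from a real handshake).
MASTER_SECRET = bytes(range(48))
WRONG_SECRET = bytes(48)
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"

if __name__ == "__main__":
    good = verify_data(MASTER_SECRET, b"server finished", TRANSCRIPT)
    # The 12-byte value is a prefix of the longer PRF output, so truncation
    # only withholds bytes; it does not change the ones that are sent.
    longer = verify_data(MASTER_SECRET, b"server finished", TRANSCRIPT, 32)
    print("verify_data :", good.hex())
    print("is prefix   :", longer.startswith(good))
    # A peer that does not hold the master secret cannot produce the value.
    forged = verify_data(WRONG_SECRET, b"server finished", TRANSCRIPT)
    print("honest peer :", check_finished(MASTER_SECRET, b"server finished", TRANSCRIPT, good))
    print("forged peer :", check_finished(MASTER_SECRET, b"server finished", TRANSCRIPT, forged))
```

With a 12-byte verify_data, a blind guess succeeds with probability 2^-96 per attempt, before counting the record-layer MAC the forged message would also have to satisfy.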