Re: [TLS] Issue 49: Finished.verify length
Mike <mike-list@pobox.com> Fri, 14 September 2007 05:38 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IW3su-0006PL-FK; Fri, 14 Sep 2007 01:38:32 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IW3ss-0006Ox-J5 for tls@ietf.org; Fri, 14 Sep 2007 01:38:30 -0400
Received: from rune.pobox.com ([208.210.124.79]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IW3ss-0000QZ-8B for tls@ietf.org; Fri, 14 Sep 2007 01:38:30 -0400
Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id 5D4741342E2 for <tls@ietf.org>; Fri, 14 Sep 2007 01:38:47 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id E3AE41342E1 for <tls@ietf.org>; Fri, 14 Sep 2007 01:38:46 -0400 (EDT)
Message-ID: <46EA1E46.6040908@pobox.com>
Date: Thu, 13 Sep 2007 22:38:14 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] Issue 49: Finished.verify length
References: <20070913183453.D32DD33C21@delta.rtfm.com> <46E9D35F.60904@pobox.com> <20070914040741.3473733C3A@delta.rtfm.com>
In-Reply-To: <20070914040741.3473733C3A@delta.rtfm.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 08170828343bcf1325e4a0fb4584481c
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
> As I recall, the truncation was intended to *increase* security, > because it leaked less information about the MS to an active > attacker. Well, the Finished message follows ChangeCipherSpec, so it is encrypted when the attacker receives it. I was thinking about the other direction where the attacker convinces you (via his Finished message) that a session has been established, making you think it's ok to send your sensitive information, which he can then work offline to try to decode. His Finished message would also have to be correctly encrypted and MAC'ed, so I imagine it would be extremely difficult to forge in any case.... Mike _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Mike
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- Re: [TLS] Issue 49: Finished.verify length Bodo Moeller
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Eric Rescorla
- RE: [TLS] Issue 49: Finished.verify length Pasi.Eronen
- Re: [TLS] Issue 49: Finished.verify length Russ Housley