Re: [TLS] Justification

Stefan Santesson <stefan@aaa-sec.com> Wed, 12 May 2010 19:48 UTC

IMO, changing the finished calculation is a bad idea.

It's way more complex to implement than using a secure hash function.
Using a secure hash function binds securely the actual data to the finished
calculation.

I'm still not convinced we have a security problem, but no matter that,
using a secure hash is always simpler than changing the finished
calculation.

This is also why I don't like using URLs, since it increases the argument for
changing the finished calculation.

/Stefan




On 10-05-12 9:15 PM, "Michael D'Errico" <mike-list@pobox.com> wrote:

> Nicolas Williams wrote:
>> 
>> Paul Hoffman proposes an extension to add inputs to the Finished message
>> computation.  There's no objection yet to Paul's proposal on the grounds
>> you state.
> 
> Then perhaps it needs to be taken up as a WG item.
> 
>> In any case, one of the problems with the caching extension as proposed
>> results from not binding the cached objects to the Finished message,
>> which at the very least complicates the security analysis of the
>> protocol, and possibly compromises it altogether.  We MUST NOT make the
>> same mistakes we've made before.
> 
> Certainly.  I agree that using the hash value in place of the
> actual data could be a huge problem.  Putting the actual data
> into the Finished computation probably fixes it.  But the need
> to do this takes away all the enthusiasm I originally had for
> the cached-info optimization.
> 
> Mike