Re: [TLS] Rizzo claims implementation attach, should be interesting

Nico Williams <> Wed, 21 September 2011 02:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6A00B21F8BE8 for <>; Tue, 20 Sep 2011 19:38:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.653
X-Spam-Status: No, score=-2.653 tagged_above=-999 required=5 tests=[AWL=-0.676, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WNp1v2AhM2sB for <>; Tue, 20 Sep 2011 19:38:42 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id E861821F8BDC for <>; Tue, 20 Sep 2011 19:38:42 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 5B5F0202018 for <>; Tue, 20 Sep 2011 19:41:10 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s=; b=ynZCMxuOVRp973h4IW9X8a90g9+p2pD1V9zr6ULyEz/v k81uWcZKCHupP4sXpo32in672VpEXI/qFYfqBtfwwlNWCwXMUOyCuUMmEV5HCtts bqRRha5Q86k/GRKLIwpCi1JQhVQg6quKRU3lJKht0JgAU9IYeVvwXy63n7QY4Ws=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s=; bh=MMObEYnDUZuBQDN0m9tAJq26rlQ=; b=TynmyZFk0sR mQgeJvwvbg7pPleR0ner8SQVFMGgXt1oYkIjKv6q6T4Z1OHnmBhCaxMMldR6J+vt GzMRJFVGQ6D3sC1bPp6Qvp9HfQ+t8cJ9Tl5zmJ4PVY/UeIwguusTL2w2mBdziCz8 d98h0IXz0ycmu9W/ALawCVdVM6kSJ0tE=
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: by (Postfix) with ESMTPSA id 3329B202017 for <>; Tue, 20 Sep 2011 19:41:10 -0700 (PDT)
Received: by pzk37 with SMTP id 37so895284pzk.9 for <>; Tue, 20 Sep 2011 19:41:09 -0700 (PDT)
MIME-Version: 1.0
Received: by with SMTP id g1mr578913pbk.399.1316572869946; Tue, 20 Sep 2011 19:41:09 -0700 (PDT)
Received: by with HTTP; Tue, 20 Sep 2011 19:41:09 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Tue, 20 Sep 2011 21:41:09 -0500
Message-ID: <>
From: Nico Williams <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [TLS] Rizzo claims implementation attach, should be interesting
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Sep 2011 02:38:43 -0000

On Tue, Sep 20, 2011 at 8:42 PM, Martin Rex <> wrote:
> But that would also suggest that BEAST is not attacking the
> Cookie from the Server response, but instead the cookie from a
> client request.  (If the browser automatically inserts the cookie into
> arbitrary requests issued by the attackers malware, then this would
> mean that a serious Cross-Site-Request-Forgery problem in the browser
> is a prerequisite for the BEAST attack to succeed.

It's almost certainly the case that BEAST works by adding an IMG
element to a page where one of its scripts can run, with the IMG
referring to a resource on the service that the attacker wants to
steal cookies to, with the script and the eavesdropper working to
attack the GET of the IMG src to extract any cookies from the GET
request.  At least that's how I imagine it to work.  So, yes, that
would be the client request that's getting attacked.

We'll find out soon enough.