Re: [TLS] Encrypt-then-MAC again (was Re: padding bug)
Watson Ladd <watsonbladd@gmail.com> Thu, 28 November 2013 17:15 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BDCF1AE17D for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 09:15:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BrH8sFGMHLf for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 09:15:39 -0800 (PST)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by ietfa.amsl.com (Postfix) with ESMTP id 12EB61AE058 for <tls@ietf.org>; Thu, 28 Nov 2013 09:15:38 -0800 (PST)
Received: by mail-wi0-f177.google.com with SMTP id cc10so1109085wib.16 for <tls@ietf.org>; Thu, 28 Nov 2013 09:15:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PONZC1vfjf6959rHp98SJRpr9gSSnf3DcXZAG8YeGyU=; b=gSHVWc7rNZyRnLv5l/P1uen+2gNFAUrbPS9efp3t1We/v2De2fTai+An0DZhawqKGz n7VUFbVkC2yJVBEpuAoV3TVx2uEywIMFWhdX8crSyfELh91HiQiaCHLuzebDVSn3TI0q yW+jCJ2yrmuRH1cc3O+Ahc/nTrVJb93W74cDo6QBTsd00iSYBcGA5fmovwpt2adSwYSe Z1/w93G8NoYbbY0h+Lln+SY3ekqhylCBPQo1mGRCWFHFccvvf3/tQROYipUHvdUMadHy b8bHdFIM14dfOlIrPyuSNnGKqcNNgJRg+MIs7eqtLsmz4IuM/HoO7v7554LO7zETy/Yv dXXg==
MIME-Version: 1.0
X-Received: by 10.180.101.230 with SMTP id fj6mr3300508wib.58.1385658937735; Thu, 28 Nov 2013 09:15:37 -0800 (PST)
Received: by 10.194.242.131 with HTTP; Thu, 28 Nov 2013 09:15:37 -0800 (PST)
In-Reply-To: <CABcZeBP77fwR8Rwv9me4PuGza7ec9cU-JbsMUOxHbpV0ULYOqA@mail.gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C7365420C29@uxcn10-6.UoA.auckland.ac.nz> <CABcZeBP77fwR8Rwv9me4PuGza7ec9cU-JbsMUOxHbpV0ULYOqA@mail.gmail.com>
Date: Thu, 28 Nov 2013 09:15:37 -0800
Message-ID: <CACsn0ckAoQeo_rP0K4XONahzXp_kxLo8LxZMv8wjxr-dL+q_=A@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "<tls@ietf.org>" <tls@ietf.org>, Peter Gutmann <p.gutmann@auckland.ac.nz>
Subject: Re: [TLS] Encrypt-then-MAC again (was Re: padding bug)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2013 17:15:41 -0000
On Thu, Nov 28, 2013 at 7:02 AM, Eric Rescorla <ekr@rtfm.com> wrote: > On Thu, Nov 28, 2013 at 3:32 AM, Peter Gutmann <p.gutmann@auckland.ac.nz> wrote: >> Michael D'Errico <mike-list@pobox.com> writes: >> >>>In trying to figure out what's stalling the encrypt-then-mac draft >> >> What's stalling the draft is that the WG chairs refuse to accept it, and >> nothing else. > > Peter, > > This topic was discussed at the TLS WG meeting in Vancouver > (since you declined to attend, Joe Salowey provided a brief > description of the two options). Your proposed approach > had no support in the room. You can find the minutes here: > > http://tools.ietf.org/wg/tls/minutes?item=minutes-88-tls.html > > So, while there has been some support on the list, I don't > believe that this supports the claim that there is rough > consensus for this draft. Where are the opponents on the list? Anyone can hum, but I would like to see them put their names and reasons down. I personally think we should have a ciphersuitedammerung in which everything but AES-GCM is depreciated, and adding encrypt-then-mac isn't worth it, so I probably would have opposed it: it adds complexity at no gain. Then again my hopes have been crushed again and again. But as chair you have failed consistently to ensure that the list reflects the decision making process. You are directly responsible for endorsing drafts with known security issues, and have failed to articulate a clear direction forwards for this WG. You have placed users and their security below the convenience of vendors, presiding over the expansion of a smorgasbord of options so that everyone can claim to support TLS 1.2, without providing an iota of security or interoperability. Anyone can extend TLS and get your approval, so long as it doesn't improve security or have a chance of actually getting used. (See SRP and PWD). What have the past 14 years done for us in terms of improvements to TLS? Sincerely, Watson > > With that said, if you're unhappy with the performance of the > chairs, you should reach out to the Security ADs > (sec-ads@tools.ietf.org) > > Best. > -Ekr > [Speaking as Chair] > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Peter Gutmann
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Eric Rescorla
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Juho Vähä-Herttua
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Bodo Moeller
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Bodo Moeller
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Juho Vähä-Herttua
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Robert Ransom
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Juho Vähä-Herttua
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Taylor Hornby
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Alfredo Pironti
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Alfredo Pironti
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Alfredo Pironti
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Wan-Teh Chang
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Nikos Mavrogiannopoulos
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Paterson, Kenny
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Martin Rex
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Peter Gutmann
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Peter Gutmann
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Peter Gutmann
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Peter Gutmann
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Trevor Perrin
- Re: [TLS] Encrypt-then-MAC again (was Re: padding… Watson Ladd