Re: [TLS] Encrypt-then-MAC again (was Re: padding bug)

Watson Ladd <watsonbladd@gmail.com> Thu, 28 November 2013 17:15 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BDCF1AE17D for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 09:15:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BrH8sFGMHLf for <tls@ietfa.amsl.com>; Thu, 28 Nov 2013 09:15:39 -0800 (PST)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by ietfa.amsl.com (Postfix) with ESMTP id 12EB61AE058 for <tls@ietf.org>; Thu, 28 Nov 2013 09:15:38 -0800 (PST)
Received: by mail-wi0-f177.google.com with SMTP id cc10so1109085wib.16 for <tls@ietf.org>; Thu, 28 Nov 2013 09:15:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PONZC1vfjf6959rHp98SJRpr9gSSnf3DcXZAG8YeGyU=; b=gSHVWc7rNZyRnLv5l/P1uen+2gNFAUrbPS9efp3t1We/v2De2fTai+An0DZhawqKGz n7VUFbVkC2yJVBEpuAoV3TVx2uEywIMFWhdX8crSyfELh91HiQiaCHLuzebDVSn3TI0q yW+jCJ2yrmuRH1cc3O+Ahc/nTrVJb93W74cDo6QBTsd00iSYBcGA5fmovwpt2adSwYSe Z1/w93G8NoYbbY0h+Lln+SY3ekqhylCBPQo1mGRCWFHFccvvf3/tQROYipUHvdUMadHy b8bHdFIM14dfOlIrPyuSNnGKqcNNgJRg+MIs7eqtLsmz4IuM/HoO7v7554LO7zETy/Yv dXXg==
MIME-Version: 1.0
X-Received: by 10.180.101.230 with SMTP id fj6mr3300508wib.58.1385658937735; Thu, 28 Nov 2013 09:15:37 -0800 (PST)
Received: by 10.194.242.131 with HTTP; Thu, 28 Nov 2013 09:15:37 -0800 (PST)
In-Reply-To: <CABcZeBP77fwR8Rwv9me4PuGza7ec9cU-JbsMUOxHbpV0ULYOqA@mail.gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C7365420C29@uxcn10-6.UoA.auckland.ac.nz> <CABcZeBP77fwR8Rwv9me4PuGza7ec9cU-JbsMUOxHbpV0ULYOqA@mail.gmail.com>
Date: Thu, 28 Nov 2013 09:15:37 -0800
Message-ID: <CACsn0ckAoQeo_rP0K4XONahzXp_kxLo8LxZMv8wjxr-dL+q_=A@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset=UTF-8
Cc: "<tls@ietf.org>" <tls@ietf.org>, Peter Gutmann <p.gutmann@auckland.ac.nz>
Subject: Re: [TLS] Encrypt-then-MAC again (was Re: padding bug)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2013 17:15:41 -0000

On Thu, Nov 28, 2013 at 7:02 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> On Thu, Nov 28, 2013 at 3:32 AM, Peter Gutmann <p.gutmann@auckland.ac.nz> wrote:
>> Michael D'Errico <mike-list@pobox.com> writes:
>>
>>>In trying to figure out what's stalling the encrypt-then-mac draft
>>
>> What's stalling the draft is that the WG chairs refuse to accept it, and
>> nothing else.
>
> Peter,
>
> This topic was discussed at the TLS WG meeting in Vancouver
> (since you declined to attend, Joe Salowey provided a brief
> description of the two options). Your proposed approach
> had no support in the room. You can find the minutes here:
>
> http://tools.ietf.org/wg/tls/minutes?item=minutes-88-tls.html
>
> So, while there has been some support on the list, I don't
> believe that this supports the claim that there is rough
> consensus for this draft.
Where are the opponents on the list? Anyone can hum, but I would like
to see them
put their names and reasons down. I personally think we should have a
ciphersuitedammerung in which
everything but AES-GCM is depreciated, and adding encrypt-then-mac
isn't worth it, so I probably
would have opposed it: it adds complexity at no gain. Then again my
hopes have been crushed again and again.

But as chair you have failed consistently to ensure that the list
reflects the decision making process.
You are directly responsible for endorsing drafts with known security
issues, and have failed to articulate
a clear direction forwards for this WG. You have placed users and
their security below the convenience of vendors,
presiding over the expansion of a smorgasbord of options so that
everyone can claim to support TLS 1.2, without providing
an iota of security or interoperability. Anyone can extend TLS and get
your approval, so long as it doesn't improve
security or have a chance of actually getting used. (See SRP and PWD).
What have the past 14 years done for us in terms of improvements to TLS?
Sincerely,
Watson
>
> With that said, if you're unhappy with the performance of the
> chairs, you should reach out to the Security ADs
> (sec-ads@tools.ietf.org)
>
> Best.
> -Ekr
> [Speaking as Chair]
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin