Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback
Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp> Mon, 14 July 2014 12:22 UTC
Return-Path: <kasamatsu.kohei@po.ntts.co.jp>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D45371A03CA for <uta@ietfa.amsl.com>; Mon, 14 Jul 2014 05:22:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.043
X-Spam-Level:
X-Spam-Status: No, score=-0.043 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GQcb-p2RyVdt for <uta@ietfa.amsl.com>; Mon, 14 Jul 2014 05:22:53 -0700 (PDT)
Received: from mail12.ics.ntts.co.jp (mail12.ics.ntts.co.jp [210.232.35.65]) by ietfa.amsl.com (Postfix) with ESMTP id 611BD1A0397 for <uta@ietf.org>; Mon, 14 Jul 2014 05:22:53 -0700 (PDT)
Received: from sadoku34.silk.ntts.co.jp (sadoku34 [10.7.18.34]) by mail12.ics.ntts.co.jp (8.14.4/8.14.4/NTTSOFT) with ESMTP id s6ECMoVK021046; Mon, 14 Jul 2014 21:22:50 +0900 (JST)
Received: (from root@localhost) by sadoku34.silk.ntts.co.jp (8.13.8/NTTSOFT) id s6ECMof1000316; Mon, 14 Jul 2014 21:22:50 +0900 (JST)
Received: from ccmds32.silk.ntts.co.jp [10.107.0.32] by sadoku34.silk.ntts.co.jp with SMTP id XAA00315; Mon, 14 Jul 2014 21:22:50 +0900
Received: from mail147.silk.ntts.co.jp (ccmds32.silk.ntts.co.jp [127.0.0.1]) by ccmds32.silk.ntts.co.jp (8.14.3/8.14.3) with ESMTP id s6ECMnWJ005387; Mon, 14 Jul 2014 21:22:49 +0900
Received: from mail147.silk.ntts.co.jp (localhost.localdomain [127.0.0.1]) by mail147.silk.ntts.co.jp (8.14.5/8.14.5/NTTSOFT) with ESMTP id s6ECMnDu031672; Mon, 14 Jul 2014 21:22:49 +0900
Received: from ccmds32 (mail145.silk.ntts.co.jp [10.107.0.145]) by mail147.silk.ntts.co.jp (8.14.5/8.14.5/NTTSOFT) with SMTP id s6ECMn2O031669; Mon, 14 Jul 2014 21:22:49 +0900
Message-ID: <53C3CB70.7000106@po.ntts.co.jp>
Date: Mon, 14 Jul 2014 21:22:08 +0900
From: Kohei Kasamatsu <kasamatsu.kohei@po.ntts.co.jp>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Leif Johansson <leifj@sunet.se>
References: <CA+cU71nE==UneZFK4a7z69Z5HjFb8VZo8GJtRbPmhKE2cen4Yg@mail.gmail.com> <53842A4F.2030109@net.in.tum.de> <5384E954.7030204@gmail.com> <CA+cU71=jWySHqj8QSDpiMk0T84iC3+OZUr18Vp3fCkJfuC66ew@mail.gmail.com> <53C33770.1020205@po.ntts.co.jp> <CACsn0cmg4tZzGb8KbLhOvdqD7gi_12Z6t_hpoXNCTKfwAHj1eA@mail.gmail.com> <53C36FC9.3060008@po.ntts.co.jp> <643E9900-43A1-4145-BC34-8407F3AAF47E@sunet.se> <53C39E23.8080205@po.ntts.co.jp> <AD889525-F027-4626-AED7-A2E0DF0141C1@sunet.se>
In-Reply-To: <AD889525-F027-4626-AED7-A2E0DF0141C1@sunet.se>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-CC-Mail-RelayStamp: CC-Mail-V4.3-Client
X-CC-Mail-RelayStamp: CC-Mail-V4.3-Server
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/WUiTQ7-NQBastGECLVmatIZDr3I
Cc: Ralph Holz <holz@net.in.tum.de>, Watson Ladd <watsonbladd@gmail.com>, "uta@ietf.org" <uta@ietf.org>, Tom Ritter <tom@ritter.vg>, Yaron Sheffer <yaronf.ietf@gmail.com>
Subject: Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jul 2014 12:22:55 -0000
I am sorry for misunderstanding. I would like to suggest an addtion of "The Lucky Thirteen attack can be mitigated by using authenticated encryption like AES-GCM [RFC5288] and encrypt-then-mac [I-D.ietf-tls-encrypt-then-mac] instead of MAC-then-encrypt." into the end of section 2.3 in draft-ietf-uta-tls-attacks-01. Modified section 2.3 is as follow. -- 2.3. Lucky Thirteen A consequence of the MAC-then-encrypt design in all current versions of TLS is the existence of padding oracle attacks [Padding-Oracle]. A recent incarnation of these attacks is the Lucky Thirteen attack [CBC-Attack], a timing side-channel attack that allows the attacker to decrypt arbitrary ciphertext. The Lucky Thirteen attack can be mitigated by using authenticated encryption like AES-GCM [RFC5288] and encrypt-then-mac [I-D.ietf-tls-encrypt-then-mac] instead of MAC-then-encrypt. -- [RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois Counter Mode (GCM) Cipher Suites for TLS", RFC 5288, August 2008. [I-D.ietf-tls-encrypt-then-mac] P. Gutmann, "Encrypt-then-MAC for TLS and DTLS", draft-ietf-tls-encrypt-then-mac-02 (work in progress), June 2014. Best, Kohei KASAMATSU (2014/07/14 20:30), Leif Johansson wrote: > > No I was asimg you to suggest a concrete change to the draft - this helps the author move things along. > >> 14 jul 2014 kl. 11:10 skrev "Kohei Kasamatsu" <kasamatsu.kohei@po.ntts.co.jp>: >> >> >>> Could you suggest a couple of lines of text? >> >> I understood that what you say is to show resource which explains AEAD >> and encrypt-then-mac are countermeasure of lucky 13. >> >> It is shown in Use Authenticated Encryption of section 7 in "Lucky >> Thirteen: Breaking the TLS and DTLS Record Protocols" [1] >> >> [1] http://www.isg.rhul.ac.uk/tls/TLStiming.pdf >> >> Best, >> Kohei KASAMATSU >> >> (2014/07/14 17:11), Leif Johansson wrote: >>> >>> >>> >>>> >>>> But draft-ietf-uta-tls-bcp-01 uses AEAD as the countermeasure of Lucky >>>> 13. So I think that it is kind to write the fact that Lucky 13 can be >>>> protected by encrypt-then-mac or AEAD in draft-ietf-uta-tls-attacks. >>> >>> Could you suggest a couple of lines of text? >> >> > > _______________________________________________ > Uta mailing list > Uta@ietf.org > https://www.ietf.org/mailman/listinfo/uta > -- Kohei KASAMATSU NTT Software Corporation TEL: +81 45 212 7908 FAX: +81 45 212 9800 E-mail: kasamatsu.kohei@po.ntts.co.jp
- [Uta] Real draft-ietf-uta-tls-bcp Feedback Tom Ritter
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Ralph Holz
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Salz, Rich
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Ralph Holz
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Salz, Rich
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Yaron Sheffer
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Yaron Sheffer
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Salz, Rich
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Yaron Sheffer
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Tom Ritter
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Benjamin Black
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Benjamin Black
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Ralph Holz
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Kohei Kasamatsu
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Watson Ladd
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Kohei Kasamatsu
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Leif Johansson
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Kohei Kasamatsu
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Leif Johansson
- Re: [Uta] Real draft-ietf-uta-tls-bcp Feedback Kohei Kasamatsu