[TLS] Issue #12: RSA/DSA/DH timing attacks
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[TLS] Issue #12: RSA/DSA/DH timing attacks
http://www3.tools.ietf.org/wg/tls/trac/ticket/12
TLS 1.2 already requires some sort of defense against timing
analysis on RSA. It is known that timing analysis is possible
against DSA but I know of no published defense against it
other than fixed-length computations. (As opposed to the
blinding defense for RSA).
In San Diego, I asked Tim of NIST knew of one but haven't
heard back.
I'd like to put this to bed. I suggest that unless someone comes
up with a defense suggestion by Chicago we simply say that this
is an issue with DSA implementations and suggest fixed-length
computations as a possible defense. Comments?
-Ekr
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
