Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack

To: Ben Laurie <benl at google.com>
Subject: Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack
From: Bodo Moeller <bmoeller at acm.org>
Date: Sun, 3 Jun 2007 21:59:02 +0200
Cc: tls at ietf.org
In-reply-to: <1b587cab0706031023n2085a090sa005aad0353515c4@mail.gmail.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070603145222.40A7833C4B@delta.rtfm.com> <1b587cab0706031023n2085a090sa005aad0353515c4@mail.gmail.com>
User-agent: Mutt/1.5.9i

On Sun, Jun 03, 2007 at 10:23:09AM -0700, Ben Laurie wrote:
> On 6/3/07, Eric Rescorla <ekr at networkresonance.com> wrote:

>> http://www3.tools.ietf.org/wg/tls/trac/ticket/15
>>
>> NIST's comments suggest that the defense suggested in 6.2.3.2
>> should be  mandatory. My argument is that hardware systems may
>> operate in fixed time or otherwise be safe and so we shouldn't
>> mandate any particular defense.

> Perhaps we should mandate it for implementations that are vulnerable?

That's exactly what the current I-D does: "MUST ensure that record
processing time is essentially the same whether or not the padding is
correct", and "[i]n general, the best way to do this is ...".
I don't see any reason to change the wording, so:

>> Proposed resolution: leave as-is.


Bodo


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Issue 15: Mandate protection against CBC mode timing attack
  - From: Eric Rescorla
- Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack
  - From: Ben Laurie

Prev by Date: Re: [TLS] Short Ephermal Diffie-Hellman keys
Next by Date: Re: [TLS] Issue 16: Alert clarifications
Previous by thread: Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack
Next by thread: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 15: Mandate protection against CBC mode timing attack

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.