Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

2017-12-14 Thread Yoav Nir
> On 15 Dec 2017, at 3:05, Colm MacCárthaigh wrote: > > > > On Thu, Dec 14, 2017 at 5:01 PM, Hanno Böck > wrote: > On Thu, 14 Dec 2017 16:45:57 -0800 > Colm MacCárthaigh > wrote: > >

Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

2017-12-14 Thread Colm MacCárthaigh
On Thu, Dec 14, 2017 at 5:01 PM, Hanno Böck wrote: > On Thu, 14 Dec 2017 16:45:57 -0800 > Colm MacCárthaigh wrote: > > > But what would that look like? What would we do now, in advance, to > > make it easy to turn off AES? For example. > > I think this is the

Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

2017-12-14 Thread Hanno Böck
On Thu, 14 Dec 2017 16:45:57 -0800 Colm MacCárthaigh wrote: > But what would that look like? What would we do now, in advance, to > make it easy to turn off AES? For example. I think this is the wrong way to look at it. From what I'm aware nobody is really concerned about

Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

2017-12-14 Thread Colm MacCárthaigh
Bringing this back to TLS-WG territory. Deprecating algorithms is hard work and can take a long time. Having been through MD5, RC4, 3DES, SHA1 deprecations and CBC de-prioritisations, it was a lot of work and network effects work against rapid changes. What else could we be doing here? One option

Re: [TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

2017-12-14 Thread Watson Ladd
Let's not forget defense 0: migrating away from broken algorithms (which means turning them off). The fact that we didn't switch MTI away from RSA encryption in TLS 1.1 after these attacks were disclosed, or even in TLS 1.2, means that we've got a very long time before some sites can turn off

[TLS] A closer look at ROBOT, BB Attacks, timing attacks in general, and what we can do in TLS

2017-12-14 Thread Colm MacCárthaigh
TLS folks, A few weeks ago the s2n team got a mail from US CERT asking us to take a look for any Bleichenbacher attack issues and get back to them. We didn't have any issues (thankfully!), but it was a good opportunity for us to review how we defend against BB and other related attacks. The

Re: [TLS] I-D Action: draft-ietf-tls-certificate-compression-01.txt

2017-12-14 Thread Ilari Liusvaara
On Tue, Dec 12, 2017 at 06:43:19PM -0600, Martin Thomson wrote: > On Tue, Dec 12, 2017 at 6:32 PM, Victor Vasiliev wrote: > > https://github.com/tlswg/certificate-compression/pull/8 > > That's a lot cleaner. Thanks. Some minor quibbles, but I like this > construction far