I am sorry for misunderstanding.
I would like to suggest an addition of "The Lucky Thirteen attack can be
mitigated by using authenticated encryption like AES-GCM [RFC5288] and
encrypt-then-mac [I-D.ietf-tls-encrypt-then-mac] instead of
MAC-then-encrypt." into the end of section 2.3 in
draft-ietf-uta-tls-attacks-01.
Modified section 2.3 is as follows.
--
2.3. Lucky Thirteen
A consequence of the MAC-then-encrypt design in all current versions
of TLS is the existence of padding oracle attacks [Padding-Oracle].
A recent incarnation of these attacks is the Lucky Thirteen attack
[CBC-Attack], a timing side-channel attack that allows the attacker
to decrypt arbitrary ciphertext. The Lucky Thirteen attack can be
mitigated by using authenticated encryption like AES-GCM [RFC5288]
and encrypt-then-mac [I-D.ietf-tls-encrypt-then-mac] instead of
MAC-then-encrypt.
--
[RFC5288] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
August 2008.
[I-D.ietf-tls-encrypt-then-mac] P. Gutmann, "Encrypt-then-MAC for TLS
and DTLS", draft-ietf-tls-encrypt-then-mac-02 (work in progress), June
2014.
Best,
Kohei KASAMATSU
(2014/07/14 20:30), Leif Johansson wrote:
>
> No I was asking you to suggest a concrete change to the draft - this helps the
> author move things along.
>
>> 14 jul 2014 kl. 11:10 skrev "Kohei Kasamatsu"
>> <[email protected]>:
>>
>>
>>> Could you suggest a couple of lines of text?
>>
>> I understood that what you say is to show a resource which explains that AEAD
>> and encrypt-then-mac are countermeasures against Lucky 13.
>>
>> It is shown in Use Authenticated Encryption of section 7 in "Lucky
>> Thirteen: Breaking the TLS and DTLS Record Protocols" [1]
>>
>> [1] http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
>>
>> Best,
>> Kohei KASAMATSU
>>
>> (2014/07/14 17:11), Leif Johansson wrote:
>>>
>>>
>>>
>>>>
>>>> But draft-ietf-uta-tls-bcp-01 uses AEAD as the countermeasure of Lucky
>>>> 13. So I think that it is kind to write the fact that Lucky 13 can be
>>>> protected by encrypt-then-mac or AEAD in draft-ietf-uta-tls-attacks.
>>>
>>> Could you suggest a couple of lines of text?
>>
>>
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
>
--
Kohei KASAMATSU
NTT Software Corporation
TEL: +81 45 212 7908 FAX: +81 45 212 9800
E-mail: [email protected]
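
The ordering difference behind the proposed sentence, as an added example that is not part of this thread or of either draft: with MAC-then-encrypt the receiver must decrypt and parse padding on unauthenticated bytes, while with encrypt-then-MAC a modified record is rejected before any decryption happens. Assumptions: a toy Feistel cipher stands in for AES, the MAC covers only IV and ciphertext (no sequence number or record header), and all function names are hypothetical.

```python
import hashlib, hmac, os
BLOCK, TAG = 16, 32  # toy block size; HMAC-SHA256 tag length

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _feistel(key, blk, decrypt=False):  # toy 4-round Feistel standing in for AES
    l, r = (blk[8:], blk[:8]) if decrypt else (blk[:8], blk[8:])
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = r, _xor(l, _mac(key, bytes([rnd]) + r)[:8])
    return r + l if decrypt else l + r

def _cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for blk in (data[i:i + BLOCK] for i in range(0, len(data), BLOCK)):
        nxt = _xor(_feistel(key, blk, True), prev) if decrypt else _feistel(key, _xor(blk, prev))
        out, prev = out + nxt, (blk if decrypt else nxt)
    return out

def _pad(data):  # TLS-style CBC padding: p + 1 bytes, each of value p
    p = BLOCK - 1 - len(data) % BLOCK
    return data + bytes([p]) * (p + 1)

def mte_seal(ek, mk, data):  # MAC-then-encrypt: the tag is inside the ciphertext
    iv = os.urandom(BLOCK)
    return iv + _cbc(ek, iv, _pad(data + _mac(mk, data)))

def mte_open(ek, mk, rec):  # returns (plaintext or None, bytes decrypted before the MAC check)
    pt = _cbc(ek, rec[:BLOCK], rec[BLOCK:], True)  # unauthenticated input is decrypted
    p = pt[-1]
    ok = p < len(pt) - TAG and pt[-p - 1:] == bytes([p]) * (p + 1)  # padding parsed first
    body = pt[:-p - 1] if ok else pt
    ok = hmac.compare_digest(body[-TAG:], _mac(mk, body[:-TAG])) and ok
    return (body[:-TAG] if ok else None), len(pt)

def etm_seal(ek, mk, data):  # encrypt-then-MAC: the tag covers IV and ciphertext
    iv = os.urandom(BLOCK)
    body = iv + _cbc(ek, iv, _pad(data))
    return body + _mac(mk, body)

def etm_open(ek, mk, rec):  # same return shape as mte_open
    body, tag = rec[:-TAG], rec[-TAG:]
    if not hmac.compare_digest(tag, _mac(mk, body)):
        return None, 0  # forged record rejected; no decryption, no padding check
    pt = _cbc(ek, body[:BLOCK], body[BLOCK:], True)
    return pt[:-pt[-1] - 1], 0
```

The second element of each result shows how much attacker-controllable data was decrypted before integrity was established: the full record for MAC-then-encrypt, zero for encrypt-then-MAC.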