On Aug 13, 2014 10:30 AM, "Will Sargent" <[email protected]> wrote: > > There's a typo on "Triple Hanshake" and "the are" instead of "there are". > > The mention of AES-GCM is only optimal if using hardware and counters (see the router link below), otherwise the random nonce is too small. I'm not sure if this is a practical issue for implementations.
It is: don't use a random nonce with GCM, because it turns into an ntwice. > > I would like if the implementation issues section had a section on libraries not filtering out obsolete signature algorithms and cipher suites, and not checking small key sizes (even on the root certificate): > > http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html > https://wiki.mozilla.org/CA:MD5and1024 > http://csrc.nist.gov/groups/ST/hash/policy.html > > Additionally, the URL to Georgiev2012 is to http://doi.acm.org/10.1145/2382196.2382204 which is a paywalled site: it would be more effective for readers if it pointed to the accessable URL http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf > > Will Sargent > Consultant, Professional Services > Typesafe, the company behind Play Framework, Akka and Scala > > > On Tue, Aug 12, 2014 at 1:55 PM, Yaron Sheffer <[email protected]> wrote: >> >> Dear UTA folks, >> >> This version incorporates feedback from shortly before, during and following the Toronto meeting. The changes are: >> >> o Added implementation issues ("most dangerous code"), >> renegotiation, triple handshake. >> >> o Added text re: mitigation of Lucky13. >> >> o Added applicability to DTLS. >> >> Please review and comment on the list. >> >> Thanks, >> Yaron >> >> -------- Forwarded Message -------- >> Subject: New Version Notification for draft-ietf-uta-tls-attacks-02.txt >> Date: Tue, 12 Aug 2014 04:25:18 -0700 >> From: [email protected] >> To: Yaron Sheffer <[email protected]>, Ralph Holz <[email protected]>, Peter Saint-Andre <[email protected]>, Ralph Holz <[email protected]>, Peter Saint-Andre <[email protected]>, Yaron Sheffer <[email protected]> >> >> >> A new version of I-D, draft-ietf-uta-tls-attacks-02.txt >> has been successfully submitted by Yaron Sheffer and posted to the >> IETF repository. >> >> Name: draft-ietf-uta-tls-attacks >> Revision: 02 >> Title: Summarizing Current Attacks on TLS and DTLS >> Document date: 2014-08-12 >> Group: uta >> Pages: 10 >> URL: http://www.ietf.org/internet-drafts/draft-ietf-uta-tls-attacks-02.txt >> Status: https://datatracker.ietf.org/doc/draft-ietf-uta-tls-attacks/ >> Htmlized: http://tools.ietf.org/html/draft-ietf-uta-tls-attacks-02 >> Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-uta-tls-attacks-02 >> >> Abstract: >> Over the last few years there have been several serious attacks on >> TLS, including attacks on its most commonly used ciphers and modes of >> operation. This document summarizes these attacks, with the goal of >> motivating generic and protocol-specific recommendations on the usage >> of TLS and DTLS. >> >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat >> >> >> >> _______________________________________________ >> Uta mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/uta > > > > _______________________________________________ > Uta mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/uta >
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
