Also, I think if this is discussing current attacks on TLS, then it should mention Flame as an in-the-wild attack on MD5:
https://www.trailofbits.com/resources/flame-md5.pdf

Will Sargent
Consultant, Professional Services
Typesafe <http://typesafe.com>, the company behind Play Framework <http://www.playframework.com>, Akka <http://akka.io> and Scala <http://www.scala-lang.org/>

On Wed, Aug 13, 2014 at 11:27 AM, Watson Ladd <[email protected]> wrote:
>
> On Aug 13, 2014 10:30 AM, "Will Sargent" <[email protected]> wrote:
> >
> > There's a typo on "Triple Hanshake" and "the are" instead of "there are".
> >
> > The mention of AES-GCM is only optimal if using hardware and counters (see the router link below), otherwise the random nonce is too small. I'm not sure if this is a practical issue for implementations.
>
> It is: don't use a random nonce with GCM, because it turns into an ntwice.
>
> >
> > I would like if the implementation issues section had a section on libraries not filtering out obsolete signature algorithms and cipher suites, and not checking small key sizes (even on the root certificate):
> >
> > http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
> > https://wiki.mozilla.org/CA:MD5and1024
> > http://csrc.nist.gov/groups/ST/hash/policy.html
> >
> > Additionally, the URL to Georgiev2012 is to http://doi.acm.org/10.1145/2382196.2382204 which is a paywalled site: it would be more effective for readers if it pointed to the accessible URL http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
> >
> > Will Sargent
> > Consultant, Professional Services
> > Typesafe, the company behind Play Framework, Akka and Scala
> >
> >
> > On Tue, Aug 12, 2014 at 1:55 PM, Yaron Sheffer <[email protected]> wrote:
> >>
> >> Dear UTA folks,
> >>
> >> This version incorporates feedback from shortly before, during and following the Toronto meeting. The changes are:
> >>
> >> o Added implementation issues ("most dangerous code"), renegotiation, triple handshake.
> >>
> >> o Added text re: mitigation of Lucky13.
> >>
> >> o Added applicability to DTLS.
> >>
> >> Please review and comment on the list.
> >>
> >> Thanks,
> >> Yaron
> >>
> >> -------- Forwarded Message --------
> >> Subject: New Version Notification for draft-ietf-uta-tls-attacks-02.txt
> >> Date: Tue, 12 Aug 2014 04:25:18 -0700
> >> From: [email protected]
> >> To: Yaron Sheffer <[email protected]>, Ralph Holz <[email protected]>, Peter Saint-Andre <[email protected]>, Ralph Holz <[email protected]>, Peter Saint-Andre <[email protected]>, Yaron Sheffer <[email protected]>
> >>
> >> A new version of I-D, draft-ietf-uta-tls-attacks-02.txt
> >> has been successfully submitted by Yaron Sheffer and posted to the
> >> IETF repository.
> >>
> >> Name: draft-ietf-uta-tls-attacks
> >> Revision: 02
> >> Title: Summarizing Current Attacks on TLS and DTLS
> >> Document date: 2014-08-12
> >> Group: uta
> >> Pages: 10
> >> URL: http://www.ietf.org/internet-drafts/draft-ietf-uta-tls-attacks-02.txt
> >> Status: https://datatracker.ietf.org/doc/draft-ietf-uta-tls-attacks/
> >> Htmlized: http://tools.ietf.org/html/draft-ietf-uta-tls-attacks-02
> >> Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-uta-tls-attacks-02
> >>
> >> Abstract:
> >> Over the last few years there have been several serious attacks on TLS, including attacks on its most commonly used ciphers and modes of operation. This document summarizes these attacks, with the goal of motivating generic and protocol-specific recommendations on the usage of TLS and DTLS.
> >>
> >> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> The IETF Secretariat
> >>
> >> _______________________________________________
> >> Uta mailing list
> >> [email protected]
> >> https://www.ietf.org/mailman/listinfo/uta
> >
> > _______________________________________________
> > Uta mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/uta

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
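The GCM nonce point raised in the thread (random nonces being "too small", and reuse being fatal) can be quantified with the birthday bound. This derivation is added here as a worked illustration and is not part of the thread; the symbols n (messages encrypted under one key) and p (probability that at least two of them share a nonce) are introduced for it. AES-GCM's standard nonce is 96 bits, and a repeated nonce under one key leaks the XOR of the two keystreams and the GHASH authentication key, so the defender's question is how many random nonces one key may safely absorb:

$$
p \;\approx\; \frac{n(n-1)}{2} \cdot 2^{-96} \;\approx\; \frac{n^{2}}{2^{97}}
$$

$$
n = 2^{32}: \quad p \approx \frac{2^{64}}{2^{97}} = 2^{-33}
\qquad\qquad
n = 2^{48}: \quad p \approx \frac{2^{96}}{2^{97}} = \frac{1}{2}
$$

The first line is the NIST SP 800-38D regime (random IVs limited to 2^32 invocations per key, keeping the collision probability at or below 2^-32); the second shows that a long-lived key with random nonces reaches a coin-flip chance of reuse well before the 96-bit space is anywhere near exhausted. A deterministic counter (the "hardware and counters" case above) never collides within a key's lifetime and is why TLS 1.3 and RFC 7905-style AEAD constructions derive the nonce from the record sequence number rather than from a random source.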
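The thread's "implementation issues" request (libraries not filtering obsolete signature algorithms and not checking small key sizes, even on the root certificate) is the kind of policy check a TLS client can run over a peer's chain after ordinary path validation. The following Go program is an added example written for this page; it is not code from the UTA draft or from any library discussed in the thread. The thresholds (2048-bit RSA, 256-bit EC), the set of rejected signature algorithms, and the helper names CheckChain, HasFinding, makeCert and DemoChain are all assumptions of this example. DemoChain constructs a throwaway two-certificate chain in memory (a sound 2048-bit leaf issued by a deliberately weak 1024-bit root) so the check can be exercised offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Policy thresholds: assumptions for this example, pick the values your
// deployment requires (see the Mozilla and NIST pages cited in the thread).
const (
	minRSABits = 2048
	minECBits  = 256
)

// obsoleteSigAlgs lists signature algorithms a chain validator should refuse:
// MD2/MD5 (practical collisions, cf. Flame) and SHA-1.
var obsoleteSigAlgs = map[x509.SignatureAlgorithm]bool{
	x509.MD2WithRSA:    true,
	x509.MD5WithRSA:    true,
	x509.SHA1WithRSA:   true,
	x509.DSAWithSHA1:   true,
	x509.ECDSAWithSHA1: true,
}

// CheckChain walks every certificate in chain (leaf first, root last) and
// returns one finding per policy violation. The root is inspected too: a
// small root key undermines everything beneath it. An empty result is a pass.
func CheckChain(chain []*x509.Certificate) []string {
	var findings []string
	for i, c := range chain {
		label := fmt.Sprintf("cert[%d] %q", i, c.Subject.CommonName)
		if obsoleteSigAlgs[c.SignatureAlgorithm] {
			findings = append(findings, fmt.Sprintf("%s: obsolete signature algorithm %s", label, c.SignatureAlgorithm))
		}
		switch pub := c.PublicKey.(type) {
		case *rsa.PublicKey:
			if bits := pub.N.BitLen(); bits < minRSABits {
				findings = append(findings, fmt.Sprintf("%s: RSA key too small (%d bits)", label, bits))
			}
		case *ecdsa.PublicKey:
			if bits := pub.Curve.Params().BitSize; bits < minECBits {
				findings = append(findings, fmt.Sprintf("%s: EC key too small (%d bits)", label, bits))
			}
		default: // anything else (or a nil key) is refused rather than silently accepted
			findings = append(findings, fmt.Sprintf("%s: unsupported public key type %T", label, pub))
		}
	}
	return findings
}

// HasFinding reports whether any finding mentions substr.
func HasFinding(findings []string, substr string) bool {
	for _, f := range findings {
		if strings.Contains(f, substr) {
			return true
		}
	}
	return false
}

// makeCert issues a certificate for key with the given CN. With parent == nil
// the certificate is self-signed (a root); otherwise parentKey signs it.
func makeCert(cn string, key *rsa.PrivateKey, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, BasicConstraintsValid: true, IsCA: isCA,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// DemoChain builds a constructed chain: a 2048-bit leaf that passes on its
// own, issued by a root that still carries a 1024-bit RSA key.
func DemoChain() ([]*x509.Certificate, error) {
	rootKey, err := rsa.GenerateKey(rand.Reader, 1024) // deliberately weak root key
	if err != nil {
		return nil, err
	}
	root, err := makeCert("Example Weak Root", rootKey, true, nil, nil)
	if err != nil {
		return nil, err
	}
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	leaf, err := makeCert("example.test", leafKey, false, root, rootKey)
	if err != nil {
		return nil, err
	}
	return []*x509.Certificate{leaf, root}, nil
}

func main() {
	chain, err := DemoChain()
	if err != nil {
		panic(err)
	}
	for _, f := range CheckChain(chain) {
		fmt.Println("FAIL:", f) // expected: one finding for the 1024-bit root
	}
}
```

In a real client this check runs on the verified chain returned by path validation (in Go, the chains from Certificate.Verify), not on whatever the peer sent, and it rejects on any finding rather than logging. The signature-algorithm check reads the algorithm the certificate claims; the key-size check reads the parsed public key, so it catches a weak root even when the root's own self-signature is irrelevant to trust.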
