Hi Will,

I think FLAME should be out of scope, because it is an attack on PKI rather than SSL. Besides, MD5 has been beaten to death elsewhere.

Also, a recommendation on GCM nonce usage belongs to the BCP draft and not to this one.

Other than that, I am fine with your comments.

Thanks,
        Yaron

On 08/13/2014 09:58 PM, Will Sargent wrote:
Also, I think if this is discussing current attacks on TLS, then it
should mention Flame as an in the wild attack on MD5:

https://www.trailofbits.com/resources/flame-md5.pdf

Will Sargent
Consultant, Professional Services
Typesafe <http://typesafe.com>, the company behind Play Framework
<http://www.playframework.com>, Akka <http://akka.io> and Scala
<http://www.scala-lang.org/>


    On Wed, Aug 13, 2014 at 11:27 AM, Watson Ladd <[email protected]> wrote:


     On Aug 13, 2014 10:30 AM, "Will Sargent" <[email protected]> wrote:
     >
     > There's a typo on "Triple Hanshake" and "the are" instead of
    "there are".
     >
     > The mention of AES-GCM is only optimal if using hardware and
    counters (see the router link below), otherwise the random nonce is
    too small. I'm not sure if this is a practical issue for
    implementations.

    It is: don't use a random nonce with GCM, because it turns into an
    ntwice.


     >
     > I would like if the implementation issues section had a section
    on libraries not filtering out obsolete signature algorithms and
    cipher suites, and not checking small key sizes (even on the root
    certificate):
     >
     >
    
http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
     > https://wiki.mozilla.org/CA:MD5and1024
     > http://csrc.nist.gov/groups/ST/hash/policy.html
     >
     > Additionally, the URL to Georgiev2012 is to
    http://doi.acm.org/10.1145/2382196.2382204 which is a paywalled
    site: it would be more effective for readers if it pointed to the
    accessible URL http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
     >
     > Will Sargent
     > Consultant, Professional Services
     > Typesafe, the company behind Play Framework, Akka and Scala
     >
     >
     > On Tue, Aug 12, 2014 at 1:55 PM, Yaron Sheffer <[email protected]> wrote:
     >>
     >> Dear UTA folks,
     >>
     >> This version incorporates feedback from shortly before, during
    and following the Toronto meeting. The changes are:
     >>
     >>    o  Added implementation issues ("most dangerous code"),
     >>       renegotiation, triple handshake.
     >>
     >>    o  Added text re: mitigation of Lucky13.
     >>
     >>    o  Added applicability to DTLS.
     >>
     >> Please review and comment on the list.
     >>
     >> Thanks,
     >>         Yaron
     >>
     >> -------- Forwarded Message --------
     >> Subject: New Version Notification for draft-ietf-uta-tls-attacks-02.txt
     >> Date: Tue, 12 Aug 2014 04:25:18 -0700
     >> From: [email protected]
     >> To: Yaron Sheffer <[email protected]>, Ralph Holz <[email protected]>, Peter Saint-Andre <[email protected]>, Ralph Holz <[email protected]>, Peter Saint-Andre <[email protected]>, Yaron Sheffer <[email protected]>
     >>
     >>
     >> A new version of I-D, draft-ietf-uta-tls-attacks-02.txt
     >> has been successfully submitted by Yaron Sheffer and posted to the
     >> IETF repository.
     >>
     >> Name:           draft-ietf-uta-tls-attacks
     >> Revision:       02
     >> Title:          Summarizing Current Attacks on TLS and DTLS
     >> Document date:  2014-08-12
     >> Group:          uta
     >> Pages:          10
     >> URL:            http://www.ietf.org/internet-drafts/draft-ietf-uta-tls-attacks-02.txt
     >> Status: https://datatracker.ietf.org/doc/draft-ietf-uta-tls-attacks/
     >> Htmlized: http://tools.ietf.org/html/draft-ietf-uta-tls-attacks-02
     >> Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-uta-tls-attacks-02
     >>
     >> Abstract:
     >>    Over the last few years there have been several serious attacks on
     >>    TLS, including attacks on its most commonly used ciphers and modes of
     >>    operation.  This document summarizes these attacks, with the goal of
     >>    motivating generic and protocol-specific recommendations on the usage
     >>    of TLS and DTLS.
     >>
     >>
     >>
     >>
     >>
     >> Please note that it may take a couple of minutes from the time of submission
     >> until the htmlized version and diff are available at tools.ietf.org.
     >>
     >> The IETF Secretariat
     >>
     >>
     >>
     >
     >
     >
     >



_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
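Watson Ladd's remark above (do not use a random nonce with GCM) and Will Sargent's point about the random nonce being too small, worked through as an added example; this code is not part of the thread, the draft, or any UTA document. It assumes the 96-bit GCM IV and the RFC 5288 nonce layout (4-byte salt plus 8-byte explicit counter), and it stands in HMAC-SHA256 for the AES-CTR keystream inside GCM, since the only property needed here is that the keystream is a function of (key, nonce) alone. The key, plaintexts and nonces are constructed sample values.

```python
import hashlib
import hmac
import math
import struct

NONCE_BITS = 96  # AES-GCM's standard 12-byte IV


def collision_probability(n_messages: int, nonce_bits: int = NONCE_BITS) -> float:
    """Birthday bound: probability that n uniformly random nonces contain a repeat.

    1 - exp(-n(n-1) / (2 * 2**bits)); expm1 keeps precision for tiny results.
    """
    exponent = -(n_messages * (n_messages - 1)) / (2 * 2 ** nonce_bits)
    return -math.expm1(exponent)


def messages_until_probability(p: float, nonce_bits: int = NONCE_BITS) -> int:
    """Roughly how many random-nonce records under one key before the repeat probability reaches p."""
    return int(math.sqrt(2 * p * 2 ** nonce_bits))


class CounterNonce:
    """Deterministic nonce in the RFC 5288 layout: 4-byte per-key salt || 8-byte big-endian counter.

    Under one key the nonce cannot repeat; after 2**64 records the generator
    refuses to continue, so the caller must rekey.
    """

    def __init__(self, salt: bytes):
        if len(salt) != 4:
            raise ValueError("salt must be 4 bytes")
        self.salt = salt
        self.counter = 0

    def next(self) -> bytes:
        if self.counter >= 2 ** 64:
            raise RuntimeError("nonce space exhausted; rekey before continuing")
        nonce = self.salt + struct.pack(">Q", self.counter)
        self.counter += 1
        return nonce


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for the AES-CTR keystream inside GCM (assumption: HMAC-SHA256, not AES).

    It reproduces only the property that matters here: the keystream depends on
    (key, nonce) alone, so two records under the same nonce share it.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def leak_from_nonce_reuse(ct1: bytes, ct2: bytes) -> bytes:
    """Two ciphertexts under one (key, nonce): ct1 XOR ct2 == pt1 XOR pt2, the keystream cancels."""
    return xor_bytes(ct1, ct2)


def recover_other_plaintext(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """With one plaintext known (e.g. a fixed protocol header), the other falls out directly."""
    return xor_bytes(leak_from_nonce_reuse(ct1, ct2), known_pt1)


if __name__ == "__main__":
    key = b"\x11" * 32                       # constructed sample key
    pt1 = b"GET /account HTTP/1.1"           # constructed sample records
    pt2 = b"PUT /payment HTTP/1.1"
    reused = b"\x00" * 12                    # the same "random" nonce drawn twice
    c1, c2 = ctr_encrypt(key, reused, pt1), ctr_encrypt(key, reused, pt2)
    print("leaked pt2:", recover_other_plaintext(c1, c2, pt1))
    print("P[repeat] after 2^32 random nonces: %.3g" % collision_probability(2 ** 32))
    print("records until P[repeat] = 2^-32: %d" % messages_until_probability(2 ** -32))
    gen = CounterNonce(b"\xde\xad\xbe\xef")
    print("counter nonces:", gen.next().hex(), gen.next().hex())
```

The numbers are the practical point: with 96-bit random nonces the repeat probability passes 2^-32 after roughly 2^32.5 records under one key, which a busy server reaches, whereas the salt-plus-counter layout never repeats until the connection is rekeyed. The stand-in shows only the confidentiality loss (plaintext XOR recovery); with real GCM a repeated nonce additionally exposes the authentication subkey, so forgeries follow as well.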
