RE: [TLS] NIST TLS recommendations (IV generation)

<Pasi.Eronen@nokia.com> Tue, 21 November 2006 15:39 UTC

Subject: RE: [TLS] NIST TLS recommendations (IV generation)
Date: Tue, 21 Nov 2006 17:37:21 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24036EA3DE@esebe105.NOE.Nokia.com>
In-Reply-To: <7.0.1.0.2.20061101091038.0208f420@nist.gov>
From: Pasi.Eronen@nokia.com
To: ray.perlner@nist.gov, tls@lists.ietf.org

Ray Perlner wrote:
> Page 20-21: Section 6.2.3.2 under IV The document specifies that the
> IV SHOULD be generated by method (1) or (2) and MAY be generated by
> an alternate method. There is, however, no language forbidding the
> generation of IVs by a fourth unlisted method. If a fourth method is
> used, the protocol will not fail but may be insecure. Therefore we
> recommend adding language forbidding the use of an unlisted method
> for IV generation.

Actually the whole text about IVs is quite long, and contains
implementation details that IMHO are likely to confuse rather than
help an implementer.

How about just replacing the whole text about IVs with something
like this?

   IV

       The Initialization Vector (IV) MUST be chosen at random, and
       MUST be unpredictable. See [SP800-38A] Appendix C for
       RECOMMENDED methods for generating unpredictable IVs.

       It is critical that the IV is not sent before the entire
       plaintext of the record is known; otherwise it is possible for
       the attacker to mount the attack described in [CBCATT].

       Note: In versions of TLS prior to 1.1, there was no IV field,
       and the last ciphertext block of the previous record (the "CBC
       residue") was used as the IV. This was changed to prevent the
       attacks described in [CBCATT].

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
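The attack the proposed text is guarding against, worked through as an added example (this is not code from the message, from NIST, or from any TLS implementation). It contrasts the pre-1.1 behaviour the note describes, where the next record's IV is the last ciphertext block of the previous record (the "CBC residue"), with a fresh unpredictable IV chosen after the plaintext is known. Assumptions: a toy 4-round Feistel network over HMAC-SHA256 stands in for AES (the attack only needs a deterministic block permutation), the "record layer" is two minimal sender classes, and the HTTP-like plaintext, the secret and the candidate list are constructed for the demo.

```python
"""Why a predictable (chained) CBC IV is fatal: the chosen-plaintext test of [CBCATT].

Added example. Toy Feistel block cipher stands in for AES; senders, plaintext,
secret and candidate list are constructed for the demonstration.
"""
import hashlib
import hmac
import os
from typing import Callable, List, Optional, Tuple

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: keyed, deterministic, half a block (8 bytes) out.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher (a keyed permutation; AES in a real TLS stack)."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> List[bytes]:
    """Plain CBC over whole blocks; returns the ciphertext blocks (IV not included)."""
    assert len(iv) == BLOCK and len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for off in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return out


Record = Tuple[bytes, List[bytes]]  # (IV used, ciphertext blocks)


class ChainedIVSender:
    """Pre-TLS 1.1 behaviour: the IV is the last ciphertext block of the previous
    record, so it is on the wire before the next record's plaintext is chosen."""

    def __init__(self, key: bytes, first_iv: bytes) -> None:
        self.key, self.next_iv = key, first_iv

    def send(self, plaintext: bytes) -> Record:
        iv = self.next_iv
        blocks = cbc_encrypt(self.key, iv, plaintext)
        self.next_iv = blocks[-1]          # the "CBC residue"
        return iv, blocks


class RandomIVSender:
    """TLS 1.1 behaviour: a fresh unpredictable IV per record, chosen only once the
    plaintext is known, and carried in the record (here: os.urandom)."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def send(self, plaintext: bytes) -> Record:
        iv = os.urandom(BLOCK)
        return iv, cbc_encrypt(self.key, iv, plaintext)


def cbc_residue_attack(record: List[bytes], target_idx: int, candidates: List[bytes],
                       oracle: Callable[[bytes], Record]) -> Optional[bytes]:
    """Attacker from [CBCATT]: it observed `record` = [iv, c1, c2, ...], can get one
    chosen block encrypted as the next record, and assumes that record's IV will be
    the last ciphertext block seen so far. Returns the guess that was confirmed."""
    prev_ct, target_ct = record[target_idx - 1], record[target_idx]
    residue = record[-1]
    for guess in candidates:
        # E(probe XOR residue) == E(guess XOR prev_ct) == target_ct  iff  guess == secret
        probe = _xor(_xor(guess, prev_ct), residue)
        _, blocks = oracle(probe)
        if blocks[0] == target_ct:
            return guess
        residue = blocks[-1]               # next IV under the chained model
    return None


def demo(chained: bool) -> Optional[bytes]:
    """Run the test against a chained-IV or a random-IV sender (constructed data)."""
    key = os.urandom(32)
    header = b"GET / HTTP/1.1\r\n"          # 16 bytes, known to the attacker
    secret = b"session=4f2a9c1b"            # 16 bytes, what the attacker is after
    candidates = [b"session=deadbeef", b"session=00000000", secret, b"session=ffffffff"]
    sender = ChainedIVSender(key, os.urandom(BLOCK)) if chained else RandomIVSender(key)
    iv, blocks = sender.send(header + secret)   # victim record, observed by the attacker
    return cbc_residue_attack([iv] + blocks, 2, candidates, sender.send)


if __name__ == "__main__":
    print("chained IV (pre-TLS 1.1):", demo(chained=True))    # b'session=4f2a9c1b'
    print("random IV (TLS 1.1):     ", demo(chained=False))   # None
```

With the chained sender the attacker confirms the secret block with one probe per candidate, because it can cancel the known IV out of its chosen plaintext. With the random sender the same probe is built against a stale IV and never matches (a chance match is a 2^-128 event), which is exactly why the proposed text insists that the IV be unpredictable and not sent before the whole record's plaintext is known.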