RE: [TLS] NIST TLS recomendations (IV generation)
<Pasi.Eronen@nokia.com> Tue, 21 November 2006 15:39 UTC
Subject: RE: [TLS] NIST TLS recomendations (IV generation)
Date: Tue, 21 Nov 2006 17:37:21 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24036EA3DE@esebe105.NOE.Nokia.com>
In-Reply-To: <7.0.1.0.2.20061101091038.0208f420@nist.gov>
From: Pasi.Eronen@nokia.com
To: ray.perlner@nist.gov, tls@lists.ietf.org
Ray Perlner wrote:

> Page 20-21: Section 6.2.3.2 under IV
>
> The document specifies that the IV SHOULD be generated by method (1)
> or (2) and MAY be generated by an alternate method. There is, however,
> no language forbidding the generation of IVs by a fourth unlisted
> method. If a fourth method is used, the protocol will not fail but
> may be insecure. Therefore we recommend adding language forbidding
> the use of an unlisted method for IV generation.

Actually the whole text about IVs is quite long, and contains
implementation details that IMHO are likely to confuse rather than
help an implementer. How about just replacing the whole text about
IVs with something like this?

   IV
      The Initialization Vector (IV) MUST be chosen at random, and
      MUST be unpredictable. See [SP800-38A] Appendix C for
      RECOMMENDED methods for generating unpredictable IVs. It is
      critical that the IV is not sent before the entire plaintext of
      the record is known; otherwise it is possible for the attacker
      to mount the attack described in [CBCATT].

      Note: In versions of TLS prior to 1.1, there was no IV field,
      and the last ciphertext block of the previous record (the "CBC
      residue") was used as the IV. This was changed to prevent the
      attacks described in [CBCATT].

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
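The two IV strategies contrasted in the message above, as an added example that is not part of the original post or of any TLS implementation: a minimal CBC record sender in Go that either chains IVs the TLS 1.0 way (next IV = CBC residue of the previous record) or draws a fresh random IV per record, and the chosen-plaintext check from [CBCATT] that a predictable IV makes possible. The key, the "Cookie: SESSION=..." victim record, the guesses, and the sender model itself (no MAC, no padding, attacker gets one plaintext block encrypted) are all constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const blockSize = aes.BlockSize

// record is what the attacker sees on the wire: the ciphertext plus the IV
// the receiver used (an explicit field in TLS 1.1; in TLS 1.0 it is the
// previous record's last block, which the attacker has already seen).
type record struct {
	iv, ct []byte
}

// sender is a stripped-down CBC record layer (constructed model: no MAC, no
// padding). chained=true mimics TLS 1.0: the IV of record n+1 is the last
// ciphertext block of record n, so the attacker knows the next IV before
// choosing the next plaintext. chained=false mimics the proposed TLS 1.1
// text: an unpredictable IV per record, revealed only with its ciphertext.
type sender struct {
	block   cipher.Block
	chained bool
	residue []byte // CBC residue of the last record sent
}

func newSender(key []byte, chained bool) *sender {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	// TLS 1.0 derives the first IV from the key block; a random value stands
	// in for it here. The attack below only needs later records.
	first := make([]byte, blockSize)
	if _, err := rand.Read(first); err != nil {
		panic(err)
	}
	return &sender{block: block, chained: chained, residue: first}
}

func (s *sender) send(pt []byte) record {
	if len(pt)%blockSize != 0 {
		panic("plaintext must be block aligned; padding is omitted in this model")
	}
	iv := make([]byte, blockSize)
	if s.chained {
		copy(iv, s.residue)
	} else if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(s.block, iv).CryptBlocks(ct, pt)
	s.residue = ct[len(ct)-blockSize:]
	return record{iv: iv, ct: ct}
}

func xorBlocks(a, b []byte) []byte {
	out := make([]byte, blockSize)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// testGuess is the chosen-plaintext check from [CBCATT]. The attacker has
// seen victim, wants to confirm that its plaintext block idx (idx >= 1)
// equals guess, and believes the sender's next IV will be predictedIV.
// CBC computes C = E(P' XOR IV), so submitting P' = guess XOR C[idx-1] XOR IV
// yields E(guess XOR C[idx-1]), which equals the victim's C[idx] exactly
// when guess == P[idx], provided the IV prediction was right.
func testGuess(s *sender, victim record, idx int, guess, predictedIV []byte) bool {
	prev := victim.ct[(idx-1)*blockSize : idx*blockSize]
	target := victim.ct[idx*blockSize : (idx+1)*blockSize]
	crafted := xorBlocks(xorBlocks(guess, prev), predictedIV)
	probe := s.send(crafted) // attacker-influenced plaintext, e.g. a request body
	return bytes.Equal(probe.ct[:blockSize], target)
}

// runAttack reports whether a guess for the second block of a constructed
// secret record is confirmed. The attacker always predicts "next IV = last
// ciphertext block seen": right under chaining, worthless under random IVs.
func runAttack(chained bool, guess string) bool {
	if len(guess) != blockSize {
		panic("guess must be exactly one block")
	}
	key := bytes.Repeat([]byte{0x42}, 16) // constructed demo key
	s := newSender(key, chained)
	victim := s.send([]byte("Cookie: SESSION=0123456789abcdef")) // constructed, 2 blocks
	predictedIV := victim.ct[len(victim.ct)-blockSize:]
	return testGuess(s, victim, 1, []byte(guess), predictedIV)
}

func main() {
	fmt.Println("chained IV, right guess:", runAttack(true, "0123456789abcdef"))  // true
	fmt.Println("chained IV, wrong guess:", runAttack(true, "0123456789abcdeX"))  // false
	fmt.Println("random IV,  right guess:", runAttack(false, "0123456789abcdef")) // false
}
```

The oracle is exact for the chained sender: a correct guess always reproduces the victim ciphertext block, a wrong one never does, so an attacker who can inject plaintext after seeing a record confirms one block guess per injected record. With a random IV the crafted block is XORed with a value the attacker did not know when choosing it, and the same comparison carries no information, which is precisely why the proposed text insists the IV be unpredictable and not sent before the whole plaintext is fixed.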