Re: [TLS] NIST TLS recomendations (PKCS#1 encryption attacks)

Martin Rex <martin.rex@sap.com> Tue, 28 November 2006 22:56 UTC

From: Martin Rex <martin.rex@sap.com>
Message-Id: <200611282252.XAA06938@uw1048.wdf.sap.corp>
Subject: Re: [TLS] NIST TLS recomendations (PKCS#1 encryption attacks)
To: Pasi.Eronen@nokia.com
Date: Tue, 28 Nov 2006 23:52:32 +0100
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F2403748E4F@esebe105.NOE.Nokia.com> from "Pasi.Eronen@nokia.com" at Nov 28, 6 01:32:40 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
Cc: tls@lists.ietf.org
Precedence: list
Reply-To: martin.rex@sap.com
Errors-To: tls-bounces@lists.ietf.org

Pasi.Eronen@nokia.com wrote:
> 
> I do agree that such debugging features are useful in many 
> circumstances -- but there are other channels than timing
> that may leak information. How about rephrasing this:
> 
>    "Care must also be taken to avoid leaking information about
>    the error situation via log files, or other channels."
> 
> as follows:
> 
>    "It may be useful to log the real cause of failure for
>    troubleshooting purposes; however, care must be taken to 
>    avoid leaking the information the attacker (though, e.g.,
>    timing, log files, or other channels)."

Fine with me.

               ... the information to an attacker ...
                                   
maybe.

-Martin

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

[TLS] NIST TLS recomendations Ray Perlner
[TLS] Re: NIST TLS recomendations Simon Josefsson
Re: [TLS] Re: NIST TLS recomendations Peter Gutmann
RE: [TLS] Re: NIST TLS recomendations Kemp David P.
Re: [TLS] NIST TLS recomendations Bodo Moeller
Re: [TLS] NIST TLS recomendations Bodo Moeller
Re: [TLS] Re: NIST TLS recomendations Bodo Moeller
Re: [TLS] NIST TLS recomendations Peter Gutmann
Re: [TLS] Re: NIST TLS recomendations Peter Gutmann
Re: [TLS] Re: NIST TLS recomendations Bodo Moeller
RE: [TLS] Re: NIST TLS recomendations Pasi.Eronen
Re: [TLS] Re: NIST TLS recomendations Bodo Moeller
[TLS] Re: NIST TLS recomendations Simon Josefsson
Re: [TLS] Re: NIST TLS recomendations Peter Gutmann
Re: [TLS] Re: NIST TLS recomendations Bodo Moeller
RE: [TLS] Re: NIST TLS recomendations Pasi.Eronen
RE: [TLS] Re: NIST TLS recomendations Peter Gutmann
Re: [TLS] Re: NIST TLS recomendations Bodo Moeller
[TLS] Re: NIST TLS recomendations Simon Josefsson
Re: [TLS] Re: NIST TLS recomendations Peter Gutmann
RE: [TLS] NIST TLS recomendations (IV generation) Pasi.Eronen
RE: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Pasi.Eronen
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Martin Rex
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Peter Gutmann
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Bodo Moeller
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Bodo Moeller
RE: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Pasi.Eronen
RE: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Pasi.Eronen
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Peter Gutmann
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Dr Stephen Henson
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Bodo Moeller
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Bodo Moeller
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Steven M. Bellovin
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Martin Rex
Re: [TLS] NIST TLS recomendations (PKCS#1 encrypt… Peter Gutmann