X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com, gnu@toad.com
In-reply-to: <CAMm+Lwgo6kY_D875X7r9dzt0W9V0G2cGwFH0pko9NeseR7AfqQ@mail.gmail.com>
Date: Mon, 09 Sep 2013 20:03:02 -0700
From: John Gilmore <gnu@toad.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Phillip Hallam-Baker <hallam@gmail.com> wrote:
> 5) Protocol vulnerability that IETF might have fixed but was discouraged
> from fixing.

By the way, it was a very interesting exercise to actually write out
on graph paper the bytes that would be sent in a TLS exchange. I did
this with Paul Wouters while working on how to embed raw keys in TLS
(that would be authenticated from outside TLS, such as via DNSSEC).
Or, print out a captured TLS packet exchange, and try to sketch around
it what each bit/byte is for. The TLS RFCs, unlike most Jon Postel
style RFCs, never show you the bytes -- they use a "high level
description" with separate rules for encoding those descriptions on
the wire.

There is a LOT of known plaintext in every exchange!

Known plaintext isn't the end of the world. But it makes a great crib
for cryptanalysts who have some other angle to attack the system with.
Systems with more known plaintext are easier to exploit than those
with less. Is that why TLS has more known plaintext than average?
Only the NSA knows for sure.

	John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
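
The byte-by-byte exercise described in the message above, as an added example that is not part of the original post: it labels every byte of a constructed TLS 1.2 ClientHello (field layout per RFC 5246) and counts how many bytes are protocol constants or structure-derived lengths rather than sender-chosen. The sample bytes, the function names and the "kind" labels are assumptions made for illustration.

```python
# Added example: label every byte of a TLS 1.2 ClientHello (RFC 5246 layout).
# SAMPLE is constructed for illustration; it is not a captured packet.
from collections import Counter

SAMPLE = bytes.fromhex(
    "16" "0301" "002d"   # record: type=handshake, version, length=45
    "01" "000029"        # handshake: msg_type=client_hello, length=41
    "0303"               # client_version (TLS 1.2)
    "522e8bd6"           # Random.gmt_unix_time (constructed value)
    + "aa" * 28 +        # Random.random_bytes (placeholder bytes)
    "00"                 # session_id length (empty session_id)
    "0002" "002f"        # cipher_suites length, one suite
    "01" "00"            # compression_methods length, null method
)

def annotate(rec):
    """Return (offset, hex, field, kind) rows for a one-message handshake record."""
    rows, pos = [], 0
    def take(n, field, kind):
        nonlocal pos
        if pos + n > len(rec):
            raise ValueError(f"truncated in {field}")
        chunk = rec[pos:pos + n]
        if n:                                   # skip empty variable fields
            rows.append((pos, chunk.hex(), field, kind))
        pos += n
        return int.from_bytes(chunk, "big")
    if take(1, "record.type", "constant") != 0x16:
        raise ValueError("not a handshake record")
    take(2, "record.version", "negotiable")
    rec_len = take(2, "record.length", "length")
    if take(1, "handshake.msg_type", "constant") != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = take(3, "handshake.length", "length")
    if rec_len != len(rec) - 5 or hs_len != rec_len - 4:
        raise ValueError("length fields disagree with the bytes present")
    take(2, "client_version", "negotiable")
    take(4, "random.gmt_unix_time", "clock")
    take(28, "random.random_bytes", "opaque")
    take(take(1, "session_id.length", "length"), "session_id", "opaque")
    take(take(2, "cipher_suites.length", "length"), "cipher_suites", "negotiable")
    take(take(1, "compression.length", "length"), "compression_methods", "negotiable")
    take(len(rec) - pos, "extensions", "negotiable")   # whatever remains, if any
    return rows

def summarize(rows):
    """Byte count per kind, e.g. how much of the message is constant or a length."""
    counts = Counter()
    for _, hexbytes, _, kind in rows:
        counts[kind] += len(hexbytes) // 2
    return dict(counts)
```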