
RE: [TLS] Serious crypto problem fixed by envelope HMAC method instead of currently used prefix



Omirjan Batyrbaev wrote:
> > The length value is explicit in the record and is used to find the record
> > boundary (recall that TCP has no explicit record boundaries).
>
> Slightly OT: when client/server writes the TLS fragment or/and messages the
> TCP then puts it in one TCP packet? So it becomes one TCP packet per one TLS
> fragment. Is this what happens in the real world implementations?

No.

TCP provides a reliable byte stream service.  As stated in the message you
are responding to, TCP has no explicit record boundaries.  Specifically, an
implementor of any TCP based service (including TLS) should not assume that
recipient reads will match sender writes.

What happens with TCP packets depends on many variables. These are
irrelevant to TLS and are hidden by a TCP implementation.

TLS has a record layer to provide a record abstraction on top of TCP.

Regards,

Jan Mikkelsen


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
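
The point made in the reply above, as an added example that is not part of the original message or of any TLS implementation: a receiver buffers whatever each read returns and uses the 5-byte record header (type, version, 16-bit length) to recover record boundaries. The class and function names are hypothetical, the sample records are constructed, and the length ceiling is the 2^14 + 2048 limit from RFC 2246 section 6.2.3.

```python
import struct

HEADER_LEN = 5                 # content type (1) + version (2) + length (2)
MAX_LENGTH = 2**14 + 2048      # upper bound on TLSCiphertext.length


class RecordReassembler:
    """Rebuilds whole TLS records from arbitrarily sized TCP reads."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Buffer one read's worth of bytes; return the records now complete."""
        self._buf += chunk
        records = []
        while len(self._buf) >= HEADER_LEN:
            ctype, version, length = struct.unpack_from("!BHH", self._buf, 0)
            if length > MAX_LENGTH:
                # Reject before buffering: the length field is peer-controlled.
                raise ValueError("record length %d exceeds limit" % length)
            end = HEADER_LEN + length
            if len(self._buf) < end:
                break          # partial record, wait for the next read
            records.append((ctype, version, bytes(self._buf[HEADER_LEN:end])))
            del self._buf[:end]
        return records


def make_record(ctype, payload, version=0x0301):
    """Build a constructed sample record (no encryption or MAC applied)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def demo():
    # Sender performs two writes, one record each (constructed sample data).
    stream = make_record(22, b"hello-handshake") + make_record(23, b"app-data" * 4)
    # Receiver's reads return sizes unrelated to the sender's writes.
    reassembler, out = RecordReassembler(), []
    for size in (3, 1, 20, 7, 1000):
        chunk, stream = stream[:size], stream[size:]
        out.extend(reassembler.feed(chunk))
    return out


if __name__ == "__main__":
    for ctype, version, body in demo():
        print(ctype, hex(version), len(body))
```

The third read in `demo()` straddles the boundary between the two records, and the header of the second record arrives before its body; both cases are handled by the buffer rather than by any assumption about TCP segmentation.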