[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TLS] Record layer padding

To: <1.41421@xxxxxxxxx>
Subject: RE: [TLS] Record layer padding
From: <Pasi.Eronen@xxxxxxxxx>
Date: Fri, 25 Jan 2008 20:05:01 +0200
Cc: tls@xxxxxxxxxxxxxx
In-reply-to: <a10b0c8a0801250829k390588afv9095e975c90de683@xxxxxxxxxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <a10b0c8a0801242017y7ce85cden8bc0a4272d7d9f44@xxxxxxxxxxxxxx> <B356D8F434D20B40A8CEDAEC305A1F240528D5BA@xxxxxxxxxxxxxxxxxxxxxx> <a10b0c8a0801250829k390588afv9095e975c90de683@xxxxxxxxxxxxxx>
Thread-index: Achfb4IVwEIs+BoSSCW5DVywHHeM2AAC+Rsw
Thread-topic: [TLS] Record layer padding

JCA (1.41421@xxxxxxxxx) wrote:

>     Thanks, that clarifies it. In fact, on rereading the relevant part
> of the spec that seems to be implied. I would also seem to be implied
> that one is free to add as many padding blocks as one wishes (and fit
> the bill,) provided the padding length is less than 256 bytes, right?

Yes.

> Even more: If I am understand it correctly, implementations are
> encouraged to do so in order to foil traffic analysis-based cracking
> attempts.

Well, "encouraged" is perhaps an overstatement: as far as I know,
most existing TLS implementations don't this. (When some versions
of GnuTLS shipped with this feature enabled, it was discovered
that Symbian TLS implementation didn't like receiving that 
extra padding -- a bug that hadn't been discovered in probably 5+
years, suggesting that nobody else sends such records. There were
some messages on the list back in November, I think.)

> > > Also, what happens to record layers put together before
> > > encryption kicks in? Is one supposed not to use the padding length
> > > byte at all?  That's what I would do myself but, again, I am not
> > > sure.
> >
> > Each TLS record is encrypted separately, and the padding_length
> > byte is present in each of them. (If you e.g. combine several
> > handshake messages in one TLS record -- well, that's done
> > before the record layer, so it's just one record then.)
> 
>    Hmm.... I am not sure I follow here. My understanding is that all
> TLS data will be exchanged encapsulated within TLS record
> layers. From this it would seem that messages in the same record
> must be either encrypted or unencrypted, but not both. That is, what
> one encrypts (or not) are whole records, not individual
> messages. And analogously for the MAC computation. Is this what the
> spec means?

Yes, you encrypt and MAC whole records, not individual messages.
But the relationship between records and e.g. TLS handshake messages
is loose: one TLS handshake message can be split to multiple records,
and one record can contain more than one handshake message.

>    To answer my own question, again on rereading the spec my take is
> that unencrypted records are just records encrypted with the Null
> cipher - which, according to the spec (and just like stream ciphers)
> does not require padding, and therefore no padding length byte.

Yes, you're right -- unencrypted records don't have the padding length
byte, because they don't use the GenericBlockCipher structure.

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- [TLS] Re: Record layer padding
  - From: Simon Josefsson

References:
- [TLS] Record layer padding
  - From: JCA
- RE: [TLS] Record layer padding
  - From: Pasi.Eronen
- Re: [TLS] Record layer padding
  - From: JCA

Prev by Date: Re: [TLS] Record layer padding
Next by Date: [TLS] I-D ACTION:draft-ietf-tls-rfc4346-bis-08.txt
Previous by thread: Re: [TLS] Record layer padding
Next by thread: [TLS] Re: Record layer padding
Index(es):
- Date
- Thread