Dear TLS list,
FYI, ICYMI,
Berndt et al. describe a subverted implementation attack against TLS:
https://eprint.iacr.org/2020/1452
I just noticed this report today and don't remember seeing it mentioned on the
TLS list already. It seems to be worth at least considering.
A summary and brief disc
I don't think that this is a particularly important result. The formalism is
perhaps valuable, but the intuition is not novel: if you control an endpoint
and it can send messages, those messages can contain information. There are
far too many places in almost any protocol where information can
On 8/26/21 at 6:01 PM, m...@lowentropy.net (Martin Thomson) wrote:
That Signal was hard is interesting, but I don't think that the
authors were sufficiently creative. They say "these
low-bandwidth attacks cannot be used to leak the short-term,
ephemeral keys", but I don't think that is true a