> -----Original Message----- > From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Bryan A Ford > Sent: Sunday, December 06, 2015 1:22 AM > To: tls@ietf.org > Subject: Re: [TLS] Analysis of encrypting the headers - what is the length > > On 12/4/15 9:56 PM, Jim Schaad wrote: > > I will start by re-iterating my initial position that I would prefer > > that the DTLS and TLS analysis is going to be the same in terms of > > masking the header information. So I decided to do some thought > > experiments about what happens if the length were to be encrypted and > > how many different situations does this not appear to help the situation. > > Why are you fixated on enumerating different situations where encrypting > headers doesn't help, while completely ignoring situations where it can help? > You could draw up an infinite list of scenarios in both categories. No security > provision will address every possible attack scenario - padding definitely doesn't > either! - but both header encryption and padding are complementary provisions > that each make attacks more difficult for attackers in different ways.
Having a solid idea of what the limitations of a solution are can be extremely helpful in trying to determine if the solution solves the problem as presented. My understanding of the problem that you are trying to solve is to hid the length of the data by encrypting it. Knowing when this does and does not work is part and parcel of trying to do the evaluation of a solutions effectiveness and then being able to do an evaluation of the benefits and costs of such a solution. It might be helpful to have a more formal set of situations where the solution works so that it can be compared. If the solution of encrypting the header requires additional tactics as well, then it should be well understood that the encryption solution is, in itself, insufficient. Doing so would also allow for a better understanding of what other solutions can be used to address the same, or similar, problems potentially without the same costs. The question of whether padding does or does not solve the problem depends to a large extend on what the attack model you are using is. If the attack model requires that you know the exact length of the data involved, then doing a simple padding with random lengths of data, or padding out to a fixed boundary does solve the problem entirely. If the attack model is based on distinguishing very large and very small blocks of data, then padding can solve this by making all responses pad out to a very large size. Again one needs to look at the costs of this as always sending a large amount of data in response, most of which is padding, presents a problem for the network and potentially the devices sending and receiving the data (power consumption). One therefore needs to do tradeoffs of the solution vs the problems. I am assuming that your attack model more closely follows the first one presented, but given that you have never stated it in any sort of formal language that is at best a wild guess on my part. Jim > > B _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
