MAC padding (Debian Bug #390712)

[Marc Haber]

Hi,

Simon Josefsson has suggested to me (a member of the maintainer team
for Exim's packages for the Debian Operating System) that it might be
a good idea to move a technical debate from our blogs
(http://blog.zugschlus.de/archives/585-exim4-vs.-OpenSSL-vs.-GnuTLS.html,
http://blog.josefsson.org/2007/11/09/response-to-gnutls-in-exim-debate/)
to gnutls-devel as this list is a better medium for archived discussion.

I'll send a dedicated mail for each of Debian's bug reports, so that
the threads are not going to intermix.

Debian Bug #390712, http://bugs.debian.org/390712
=================================================
Simon writes:
>  Appears to be triggered by GnuTLS implementing MAC padding to solve a
>  security problem in TLS. OpenSSL reportedly does not implement the
>  same work around, and would thus appear to be vulnerable to that
>  problem.
>  Conclusion: Appears to be a ???wontfix??? bug. Personally, I think GnuTLS
>  could provide a simpler mechanism to disable MAC padding if
>  applications deem this necessary. Someone could double check how
>  important the MAC padding security concern is.

I disagree about the "wontfix" bug. We have an interoperability issue
here, where the end user notices "things work when I use OpenSSL or do
not use TLS at all, only GnuTLS breaks". In the result, the end user
will use OpenSSL or no TLS at all, which reduces GnuTLS user base and
cryptography coverage.

I would like to see a mechanism to disable MAC padding if it is really
the culprit here.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190