Re: Apple goto fail - lessons that should be learned

["David A. Wheeler" <dwheeler () dwheeler com>]

On Wed, 26 Nov 2014 21:01:09 +0100, Hanno Böck <hanno () hboeck de> wrote:
> I've written something similar on POODLE (and BERserk), not sure if I
> posted this here before:
> https://blog.hboeck.de/archives/858-Dancing-protocols,-POODLEs-and-other-tales-from-TLS.html
>
> Not surprisingly I come to somewhat similar conclusions (protocol
> downgrade protection, encrypt-then-mac etc.)

Excellent!  I've added a citation from my POODLE paper to your post.

> But the most important conclusion from POODLE is imho: Be very careful
> with implementing workarounds for broken hard/software - and don't do
> them if they compromise security.

Agreed.  It's going to be hard to do that in practice, I fear.
Thankfully, it looks like SSLv3 will disappear, reducing the pressure to do that
for TLS.  That will help.

--- David A. Wheeler