Re: [core] DTLS and Epochs

Jim Schaad <ietf@augustcellars.com> Thu, 01 June 2017 17:46 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Carsten Bormann' <cabo@tzi.org>
CC: 'weigengyu' <weigengyu@bupt.edu.cn>, 'Klaus Hartke' <hartke@tzi.org>, core@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/_5w0VO3ATShVVQodMdOedolSMis>


-----Original Message-----
From: Carsten Bormann [mailto:cabo@tzi.org] 
Sent: Thursday, June 1, 2017 9:36 AM
To: Jim Schaad <ietf@augustcellars.com>
Cc: weigengyu <weigengyu@bupt.edu.cn>; Klaus Hartke <hartke@tzi.org>; core@ietf.org
Subject: Re: [core] DTLS and Epochs

On Jun 1, 2017, at 18:10, Jim Schaad <ietf@augustcellars.com> wrote:
> 
> Please note - I did not say that the epoch was not changed, I said that it does not tell me that the epoch has changed.  From a strictly security point of view there is no reason to do so if, for example, the epoch changed just because the key was rolled over.

Right, and the question for me is:  How do we get from the overly restrictive spec in 7252 to something that is still secure and can be supported by TLS libraries that are out there.

[JLS] I believe that the only way is to do an update to 7252.  I originally thought that I would file an errata, but I do not believe that is a correct use of the errata system.  It is used for things which are unclear or technically wrong.  This is not wrong, just misguided. It might be easiest to just do a delta RFC unless there is a good number of errata that need to be rolled into an updated document.

Jim


Regards, Carsten