Re: [Dtls-iot] TLS False Start ... Re: WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
Hannes Tschofenig <hannes.tschofenig@gmx.net> Sat, 29 November 2014 09:09 UTC
Message-ID: <54798D1F.9070705@gmx.net>
Date: Sat, 29 Nov 2014 10:08:47 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
References: <6F73BAEE-5FA3-4BCA-9A28-B98E1093CB95@gmail.com> <FBB16F17-4DC5-47F1-A9DD-34A3DBCD980E@isode.com> <5478657E.4030106@gmx.net> <5478CA79.6010102@gmx.net> <1417207091.9790.1.camel@gnutls.org>
In-Reply-To: <1417207091.9790.1.camel@gnutls.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dtls-iot/X4m44hEtZxQkx4GCBqpYuWf0sdc
Cc: Dorothy Gellert <dorothy.gellert@gmail.com>, Alexey Melnikov <alexey.melnikov@isode.com>, "dtls-iot@ietf.org" <dtls-iot@ietf.org>, Zach Shelby <Zach.Shelby@arm.com>
Subject: Re: [Dtls-iot] TLS False Start ... Re: WGLC for DTLS Profile draft: 11/11/2014 - 11/25/2014
Hi Nikos,

when I attended the TLS interim meeting in Paris I got a different perception about the status of the TLS False Start work.

First, I was told that TLS False Start is widely deployed.

Second, the TLS chairs asked Bodo to resubmit his document and to push it through the standardization process.

Here is a recent mail to the TLS mailing list on that topic:
http://www.ietf.org/mail-archive/web/tls/current/msg14530.html

Here is the recently submitted draft:
http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-01

Finally, the text I propose for the DTLS profile draft recommends its usage but does not mandate the implementation nor the deployment.

I did, however, have questions when reading through the draft in terms of applicability for the IoT context, which I raised on the TLS mailing list yesterday:
http://www.ietf.org/mail-archive/web/tls/current/msg14787.html

Ciao
Hannes

On 11/28/2014 09:38 PM, Nikos Mavrogiannopoulos wrote:
> On Fri, 2014-11-28 at 20:18 +0100, Hannes Tschofenig wrote:
>> Hi Alexey,
>>
>> On 11/28/2014 01:07 PM, Hannes Tschofenig wrote:
>>>> In 5.1: is use of something like False Start common in IoT environment?
>>>> As it reduces number of round trips, it might be advantageous and you
>>>> should consider mentioning it.
>>> Good question. I added it to the issue tracker:
>>> https://tools.ietf.org/wg/dice/trac/ticket/20
>> I believe TLS False Start would be a good fit. I added a section about
>> it into the draft. Here is the text:
>> Based on the improvement over a full roundtrip for the full TLS/DTLS
>> exchange this specification RECOMMENDS the use of the TLS False Start
>> mechanism when clients send application data first.
>
> TLS False Start is only described in an expired draft since 2010. Apart
> from taking the TLS security guarantees to its limits (attacks that may
> require significant online effort on TLS can be converted to off-line
> attacks with False Start), and having very little review from the crypto
> community, there is no guarantee that an IETF False Start (or even an
> informational RFC of the same document) would be compatible with it. So
> at least a more stable reference should be available before recommending it
> in a standards track document.
>
> regards,
> Nikos
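An added illustration (not code from the thread, the DTLS profile draft or the False Start draft) of the two points the exchange turns on: False Start saves the client one round trip by sending application data before the server's Finished has been verified, and that data therefore leaves the client under keys from a handshake whose transcript has not yet been authenticated. The cipher-suite gate (`false_start_allowed`) is an assumed, illustrative policy of the kind that would bound that exposure, not text from either draft.

```python
# Assumption (illustrative policy, not quoted from any draft): allow False
# Start only with a forward-secret key exchange and an AEAD cipher of at
# least 128 bits, so a downgraded or unauthenticated handshake cannot leave
# the early application data protected by a weak suite.
FS_OK_KX = {"ECDHE", "DHE"}
FS_OK_CIPHER = {"AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305"}


def false_start_allowed(kx: str, cipher: str) -> bool:
    """Policy gate: may the client send data before the server's Finished?"""
    return kx in FS_OK_KX and cipher in FS_OK_CIPHER


def run_handshake(kx, cipher, false_start=False, server_finished_ok=True):
    """Simulate the client side of a full (D)TLS handshake.

    Returns (events, exposed): exposed is True when application data left
    the client before a valid server Finished confirmed the handshake
    transcript, which is exactly the window False Start opens.
    """
    events = ["C->S ClientHello",
              "S->C ServerHello .. ServerHelloDone",
              "C->S ClientKeyExchange, ChangeCipherSpec, Finished"]
    sent_early = False
    if false_start and false_start_allowed(kx, cipher):
        events.append("C->S ApplicationData (False Start, server not yet verified)")
        sent_early = True
    if not server_finished_ok:
        # Transcript mismatch (e.g. tampered handshake): a non-False-Start
        # client has sent nothing yet; a False Start client already has.
        events.append("S->C Finished: verification FAILED, abort")
        return events, sent_early
    events.append("S->C ChangeCipherSpec, Finished (verified)")
    if not sent_early:
        events.append("C->S ApplicationData")
    return events, False


def round_trips_before_app_data(events):
    """Server flights the client waited for before its first application data."""
    waited = 0
    for e in events:
        if e.startswith("S->C"):
            waited += 1
        if "ApplicationData" in e:
            return waited
    return None
```

Comparing the two runs shows the one-round-trip saving and, when the server's Finished fails to verify, which client already has data on the wire.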