[kitten] Fwd: Last Call: <draft-ietf-tls-session-hash-04.txt> (Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension) to Proposed Standard
Benjamin Kaduk <kaduk@MIT.EDU> Mon, 30 March 2015 23:11 UTC
I believe this document is the TLS session hash we had discussed with regards to the GSS-API channel bindings.

-Ben

---------- Forwarded message ----------
Date: Mon, 30 Mar 2015 10:58:58 -0400
From: The IESG <iesg-secretary@ietf.org>
Reply-To: ietf@ietf.org
To: IETF-Announce <ietf-announce@ietf.org>
Cc: tls@ietf.org
Subject: Last Call: <draft-ietf-tls-session-hash-04.txt> (Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension) to Proposed Standard

The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document:

- 'Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension' <draft-ietf-tls-session-hash-04.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-04-13. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract

The Transport Layer Security (TLS) master secret is not cryptographically bound to important session parameters such as the server certificate. Consequently, it is possible for an active attacker to set up two sessions, one with a client and another with a server, such that the master secrets on the two sessions are the same. Thereafter, any mechanism that relies on the master secret for authentication, including session resumption, becomes vulnerable to a man-in-the-middle attack, where the attacker can simply forward messages back and forth between the client and server. This specification defines a TLS extension that contextually binds the master secret to a log of the full handshake that computes it, thus preventing such attacks.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/ballot/

No IPR declarations have been submitted directly on this I-D.

ID-NITs says this uses "NOT RECOMMENDED" but that that's not called out as a term. We'll fix that.
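An added illustration of the binding the abstract describes (not part of this message or the draft): the TLS 1.2 PRF from RFC 5246 is used to derive the legacy master secret from the pre-master secret and the two randoms only, and then, following the construction RFC 7627 standardized, from the hash of the handshake transcript instead. The handshake messages below are constructed byte-string stand-ins, not real TLS encodings.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Legacy derivation: only the randoms enter, never the certificate or the rest
    # of the handshake, so two sessions sharing pms and randoms share the secret.
    return prf(pms, b"master secret", client_random + server_random, 48)


def session_hash(handshake_messages: list) -> bytes:
    # Hash of the handshake log up to and including ClientKeyExchange (RFC 7627).
    return hashlib.sha256(b"".join(handshake_messages)).digest()


def extended_master_secret(pms: bytes, handshake_messages: list) -> bytes:
    # The session hash replaces the randoms as PRF seed, binding the secret to
    # everything in the transcript, including the server certificate.
    return prf(pms, b"extended master secret", session_hash(handshake_messages), 48)


def compare_sessions() -> dict:
    # Constructed scenario: the attacker arranges identical pre-master secret and
    # randoms on the client-facing and server-facing sessions; only the certificate
    # seen in each transcript differs.
    pms = b"\x03\x03" + bytes(46)
    cr, sr = bytes(range(32)), bytes(range(32, 64))
    common = [b"ClientHello" + cr, b"ServerHello" + sr]
    client_side = common + [b"Certificate:attacker", b"ClientKeyExchange"]
    server_side = common + [b"Certificate:server", b"ClientKeyExchange"]
    return {
        "legacy_equal": legacy_master_secret(pms, cr, sr) == legacy_master_secret(pms, cr, sr),
        "ems_equal": extended_master_secret(pms, client_side)
        == extended_master_secret(pms, server_side),
    }
```

With the legacy derivation the two sessions end up with the same master secret, so resumption or any master-secret-based binding cannot tell them apart; with the extended derivation the differing certificates yield different secrets.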