Re: [TLS] Current TLS 1.3 state?

Sam Scott <sam.scott89@gmail.com> Wed, 05 April 2017 08:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-LocEERHXzHHJ2flHQySQ40YnYU>

> I don't know what the state of the various modelling efforts is, though I imagine
> this will be a topic at TLS:DIV at the end of the month. We did discuss the various
> cryptographic changes in -20 (specifically the extra key derive stages and the
> handshake hash reification) with a number of cryptographers before incorporating.
> Perhaps some of the analytic groups on-list would care to comment?

From our* point of view we're pretty happy with the current state of the spec.
Our initial results confirm that TLS achieves the core security properties
(secrecy and authentication). More specifically, we prove an absence of attacks
against those properties in our model.

We're currently waiting for the last version of the spec to be finalised so that
we can make a more definitive statement and share our final results. Although we
do not expect our analysis to be affected by the recent changes to the spec, we
will still need to update our model and re-prove everything, which is quite time
consuming. We will be talking at TLS:DIV so can share more then, including what
is and isn't captured by our model.

* Us being the Tamarin team: Cas Cremers, Marko Horvat, Jonathan Hoyland,
Sam Scott, and Thyla van der Merwe.