Re: [TLS] analysis of wider impact of TLS1.3 replayabe data

Yoav Nir <ynir.ietf@gmail.com> Sun, 13 March 2016 14:51 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C4BE12D522 for <tls@ietfa.amsl.com>; Sun, 13 Mar 2016 07:51:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vCtp6w1932gL for <tls@ietfa.amsl.com>; Sun, 13 Mar 2016 07:51:58 -0700 (PDT)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8341512D62A for <tls@ietf.org>; Sun, 13 Mar 2016 07:51:57 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id l68so75858764wml.0 for <tls@ietf.org>; Sun, 13 Mar 2016 07:51:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EM4my+z9ShiG9vITIH545SH5WNy4bnlxi+mEYxzP6QU=; b=Ml2TPToL5igunrS+9PY+5ZAZFfbTTSMVV/yynCkJHsioKT5bq+Ml0GIgkwPobqXAgc NpTm//UBsdMD7MWNCvcHbgw7bvjX/zw6r0yJrnaitebG93dcLSWiETpVTyM6/WHQC4c6 mKb8FDkNWGrDJAwb5fH32eJVA13VcnYFCDuEw63JGSaznOIclOsGqulCnx/+gqRKhiCc GoAc6zRicSTcQvXiNZHdSZxnIdQAkZWq1pXvARlLyHceQPWWB/PgY3OZXH8nVi/jd1WB Z6dYRO37BuMpW04uZq3LU0fMv29qDR41QU3mHqnB5EH3OR5n7SiOXSAYWwmYua+ZOyqp xA6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=EM4my+z9ShiG9vITIH545SH5WNy4bnlxi+mEYxzP6QU=; b=kLnAmK712ouBAFtSF3XZH2WHdLEAHZ9oZ/709fjGe9sK7Woes3u5ROvykRNe3wamL7 tDaHCdC122GH+LxdpOOQFD/V6DRmfSs9/jAjGnZfA5HG27PFs0ZZ0gtLPy/6UotqXpRR 2hKm0v7dZeU6vrnakVcWqkWD1FAtk1JBeP32SSbjHKykPehIqxvMtSF0poxew17qywVx wTjFMQFl5xdl1T1CZOZb3wKVyjTK+A4/L8n2Nrec3pXtJ1BmVQtoQhGHXmPTyHjxlGB9 WWMdnmkWwI3CDuxtkhi5AtdlSF6/BIC6dwu3kYZVXwL54V969NQrqoNiCeUprj51zkGf 0j4w==
X-Gm-Message-State: AD7BkJJJzv1nZ+6uEwfY8e0IG8ZKjN/jRiNZocRZn3kIXuu/mtuaYiNwZgQBgI2wcFoNrA==
X-Received: by 10.194.115.196 with SMTP id jq4mr19517964wjb.101.1457880716046; Sun, 13 Mar 2016 07:51:56 -0700 (PDT)
Received: from [192.168.137.65] ([109.253.145.158]) by smtp.gmail.com with ESMTPSA id t7sm18004318wjf.39.2016.03.13.07.51.53 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 13 Mar 2016 07:51:55 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <161d625768e74a519b5d820c674d00d9@usma1ex-dag1mb1.msg.corp.akamai.com>
Date: Sun, 13 Mar 2016 16:51:49 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <833DCAA1-5730-4EDD-AC17-1FEFD580B922@gmail.com>
References: <56E54B85.4050204@cs.tcd.ie> <CABcZeBNTEB4FxSN=rCZBE02UMn1kDRh83Qob5K2Yf9JTdCQP9A@mail.gmail.com> <56E5706C.4020804@cs.tcd.ie> <CABcZeBMmWG-+eN8W_0TqgtM53x8ZhK-=5TfqFpbJDx9dZGGUmw@mail.gmail.com> <56E57C0B.50802@cs.tcd.ie> <161d625768e74a519b5d820c674d00d9@usma1ex-dag1mb1.msg.corp.akamai.com>
To: Rich Salz <rsalz@akamai.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/-bCptuh_6eLiB3pb82yTjUSavKA>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] analysis of wider impact of TLS1.3 replayabe data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 14:51:59 -0000

> On 13 Mar 2016, at 4:45 PM, Salz, Rich <rsalz@akamai.com>; wrote:
> 
>> I also think it is prudent to assume that implementers will turn on replayable
>> data even if nobody has figured out the consequences.
> 
> I very much agree.  Customers, particularly those in the mobile field, will look at this and say "I can avoid an extra RTT?  *TURN IT ON*" without fully understanding, or perhaps even really caring about, the security implications. 

Perhaps, and I think IoT devices are likely to do so as well.

Is OpenSSL going to implement this? Are all the browsers?

(only the first one is directed specifically at you, Rich…)

Yoav