Re: [TLS] [xLS 1.3: cookie] - DTLS queries

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 21 April 2017 07:44 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D74681294F4 for <tls@ietfa.amsl.com>; Fri, 21 Apr 2017 00:44:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.9
X-Spam-Level:
X-Spam-Status: No, score=-4.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8jtxGnWFinu for <tls@ietfa.amsl.com>; Fri, 21 Apr 2017 00:44:50 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E63B12947C for <tls@ietf.org>; Fri, 21 Apr 2017 00:44:49 -0700 (PDT)
Received: from [192.168.91.191] ([195.149.223.176]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0M1VlJ-1c87hQ0tSb-00tWmT; Fri, 21 Apr 2017 09:44:41 +0200
To: Benjamin Kaduk <bkaduk@akamai.com>, Mark Dunn <mark.dunn@objectiveintegration.uk>
References: <16998c3d-4de6-7c88-d8a3-6d6193326500@objectiveintegration.uk> <CABcZeBMcz8A=Q7E2d6iu2p-uajPoPFDDECBaFfXuQyZgSsEa4A@mail.gmail.com> <d8b589c7-2765-11e4-7514-14f5b16e7162@objectiveintegration.uk> <3ad253be-6298-6adc-ed08-4ce113763840@gmx.net> <652e33d7-cb5a-2ce1-f7cc-34c57128d660@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <ccc40ab8-5d49-9427-c117-03a3b47c9038@gmx.net>
Date: Fri, 21 Apr 2017 09:44:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <652e33d7-cb5a-2ce1-f7cc-34c57128d660@akamai.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="M2aGBEHABU4i9ej7Nujol29iQrd2WCqup"
X-Provags-ID: V03:K0:RQlU2sFEeEsoXgfex9IC/Xom3cAT7XWPBnwbO8G/6Xl3E0SBXgW 6jFnMEin6CSWZIKfRrfhHFHkuk596gh5NbK4xpHzPyhgF3xFb2jWYMDP6jBP8w053OGUkYV 0q8Po4nhinbF0M8WgV8u6iLtlXFGJmWPdjx5+rOA6i69ll48u1vCEhn3b9cknEMe2PkC5Os yFmWf5SrRF/jkBRqEAfww==
X-UI-Out-Filterresults: notjunk:1;V01:K0:EvmC6QiNgBU=:Q6QugcOk4RV0v2RvZIy/el pm426QqPOzXB+9voiQq+lYutavEXI+e460jn0n6qzVCJSjh3dMwsM8n99zX9BA0Y24qw6+hz2 xIrgZNQphzOeMYuB5E+yFMAJ3sHIMVQ0QuTr87WJgqbAEBIFs0dH6U8nlZwp5v7liJzfdJONw Z7Fn0ef5Cliqft+VNkYZH53obRmYkGc9qeL0qVwfEo9MeQop0iCFvahHhJ8hj7bI2hwcaLlpa zXmxbHSamqMPSxaATeQxunu0cxKu6zW64rVBUz6XDFIYOI8jfQrl9FHltPv8crwyQTOGBa//M euaxgtRN/LrdatQNzUxIYxCBM5CytrTfFK1DQlCk7ktmsf//cuBwRRD5xp0ZPF2FGGVpEZDeR VJVbMkM/iTozStJ4D692iqic1aokpUBvxcCrichW8z8LdMMC34Gh8fDDSuhi8Ldf503OzQ0iw O/9ahsS16P3wMC1SGCr0cLO1MxYJp2a4X4alddSX05tqNzdf28647AFFDsQsDjFvFaAi78LZC VcYuvha8i1lSTpeOtDtXrJJ9cpW85fRRidj+pqypnqH2VmFDpb1A1clb6Qv11a8tF9h2RZlO3 f8hm3orSQRL3205+UtKpsS6J11a+IcKi+jygT1gHr3BpIi27T/2JmvPoRU9s65bws0TwXYogP NbIiqwPpg9Flho20HQwdZ3vqIIrYB9mRnDcP/vk2pjaw/S7Uoy0gwnVP4dMY/nC8gtaS1bpJE VekGW2g6ohYtnpRQnXPI0QZV0SFY9aII7eBkFZX0TXVFn/QWgc31Z0BUEXY=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-ff4Zvh26jFg5iwhcD1uUqdvi0o>
Subject: Re: [TLS] [xLS 1.3: cookie] - DTLS queries
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 07:44:52 -0000

Hi Ben,

thanks for your remark.
I don't think that this is an issue in DTLS since the epoch field
provides additional information to properly select the correct key.

Ciao
Hannes

On 04/20/2017 04:34 PM, Benjamin Kaduk wrote:
> On 04/20/2017 01:22 AM, Hannes Tschofenig wrote:
>>
>> On 04/19/2017 07:07 PM, Mark Dunn wrote:
>>>
>>> I understand an HRR cookie should cause an extra round trip, but in this
>>> case because of
>>>         "DTLS servers SHOULD perform a cookie exchange whenever a new
>>> handshake is being performed"
>>> And
>>>         "Early data is not permitted after HelloRetryRequest."
>>> This results in 2-RTT as the default case, is this what you intended?
>> This is a very good observation. I added an issue to the tracker about
>> this question:
>> https://github.com/tlswg/tls13-spec/issues/972
>>
>> It would be good to have a justification for this restriction and it
>> would be worthwhile to re-consider it in the DTLS specification since
>> the use of HRRs will be common with connection-less transport protocols.
> 
> Note that we currently document sending HRR as a way for a server to
> reject early data without having to do trial decryption to determine the
> end of early data (since the outer content-type is meaningful for the
> ClientHello2).  I expect there will be some situations where servers do
> not want to implement trial decryption, so removing this functionality
> without replacement seems ill-advised.
> 
> -Ben