Re: [TLS] Remove EncryptedExtensions from 0-RTT

Subodh Iyengar <subodh@fb.com> Sun, 26 June 2016 05:34 UTC

From: Subodh Iyengar <subodh@fb.com>
To: Martin Thomson <martin.thomson@gmail.com>, David Benjamin <davidben@chromium.org>
Date: Sun, 26 Jun 2016 05:34:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0_ecf2T6V4L1gJ-QFBRpHqEBraM>
Cc: "tls@ietf.org" <tls@ietf.org>

Was there a compelling reason to not just put the ticket age in the clear in the CHLO field as @davidben alluded to before? It seems to make it much simpler in general.

With support for multiple tickets the server could issue multiple tickets at different times to make time correlation more difficult. The ticket seems to be a more definitive identifier of the user than the time.

Subodh
________________________________________
From: TLS [tls-bounces@ietf.org] on behalf of Martin Thomson [martin.thomson@gmail.com]
Sent: Thursday, June 23, 2016 1:59 PM
To: David Benjamin
Cc: tls@ietf.org
Subject: Re: [TLS] Remove EncryptedExtensions from 0-RTT

On 24 June 2016 at 01:05, David Benjamin <davidben@chromium.org> wrote:
> I don't think this matters. Just don't reuse tickets. But, if we cared, per
> the "dumbest possible thing that might work" school of thought, we can
> replace XOR with addition modulo 2^32. Now ticket reuse leaks the delta
> between two ClientHellos, which, precision aside, was already public
> information from the receive time (with ticket as correlator). The timestamp
> of the ticket-minting connection is as secret as before.

That sounds like fine reasoning to me.  XOR or addition are both easy
enough to specify.
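
The XOR-versus-addition point in the quoted exchange, worked through as an added example (not code from the thread or from any TLS implementation). It counts how many ticket ages remain possible to a passive observer who sees two ClientHellos reusing one ticket and knows the gap between them from receive times. The 16-bit width (instead of 2^32), the name `mask` and the sample values are assumptions chosen so the enumeration runs instantly.

```python
# Added illustration; not code from the thread or any TLS implementation.
BITS = 16                 # assumption: 16 bits instead of 32 so enumeration is instant
M = 1 << BITS

def obf_xor(age, mask):
    return age ^ mask

def obf_add(age, mask):
    return (age + mask) % M

def mask_from_xor(observed, age):
    return observed ^ age

def mask_from_add(observed, age):
    return (observed - age) % M

def consistent_ages(o1, o2, delta, obf, mask_from):
    """Ticket ages for the first ClientHello that some mask could explain.

    The observer sees o1 and o2 on the wire and knows delta, the gap between
    the two ClientHellos, from their receive times.
    """
    ages = []
    for age in range(M):
        mask = mask_from(o1, age)                 # mask implied by this guess
        if obf((age + delta) % M, mask) == o2:    # does it explain the reuse?
            ages.append(age)
    return ages

def compare(age1, delta, mask):
    """Number of ages still possible after one ticket reuse, per scheme."""
    result = {}
    for name, obf, mask_from in (("xor", obf_xor, mask_from_xor),
                                 ("add", obf_add, mask_from_add)):
        o1 = obf(age1, mask)
        o2 = obf((age1 + delta) % M, mask)
        ages = consistent_ages(o1, o2, delta, obf, mask_from)
        assert age1 in ages                       # the true age must survive
        result[name] = len(ages)
    return result

if __name__ == "__main__":
    # Constructed sample: ticket age 12345 ms, ticket reused 4000 ms later.
    print(compare(age1=12345, delta=4000, mask=0xBEEF))
```

With addition every age stays possible, so reuse reveals nothing beyond the delta; with XOR the same two observations rule out most candidate ages.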
