Return-Path: <prvs=5985084f24=subodh@fb.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 51C7912B049
 for <tls@ietfa.amsl.com>; Sat, 25 Jun 2016 22:34:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level: 
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
 RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
 header.d=fb.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id q58BYolBGkFm for <tls@ietfa.amsl.com>;
 Sat, 25 Jun 2016 22:34:07 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com
 [67.231.145.42])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 8A8C912B041
 for <tls@ietf.org>; Sat, 25 Jun 2016 22:34:07 -0700 (PDT)
Received: from pps.filterd (m0044010.ppops.net [127.0.0.1])
 by mx0a-00082601.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id
 u5Q5WI5Z003840; Sat, 25 Jun 2016 22:34:06 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com;
 h=from : to : cc : subject :
 date : message-id : references : in-reply-to : content-type :
 content-transfer-encoding : mime-version; s=facebook;
 bh=nBKJTJBI4iK9bss54shnkeVw2gWrN+/+e8Xo/Iz1AUQ=;
 b=DaQA5sIatv8ZtqnddHoOcugZ9ZyIrjahC4ej1AxPs2qdFB6ShCSg6gTqFjttSBWay76G
 527leecIQsQPxso1mqhtnoa8oyurauU0sJRE8SZQcaLoX438vn9kyVSclZY5F9soVT3H
 E7Osd1CfrZgFA5ulfvRLQCi48eRsr53t81k= 
Received: from mail.thefacebook.com ([199.201.64.23])
 by mx0a-00082601.pphosted.com with ESMTP id 23sn93k5nh-1
 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT);
 Sat, 25 Jun 2016 22:34:06 -0700
Received: from PRN-MBX01-4.TheFacebook.com ([169.254.3.129]) by
 PRN-CHUB09.TheFacebook.com ([fe80::b128:36fa:e69b:a338%12]) with mapi id
 14.03.0294.000; Sat, 25 Jun 2016 22:34:05 -0700
From: Subodh Iyengar <subodh@fb.com>
To: Martin Thomson <martin.thomson@gmail.com>, David Benjamin
 <davidben@chromium.org>
Thread-Topic: [TLS] Remove EncryptedExtensions from 0-RTT
Thread-Index: AQHRzQCOMM43sQV4bE6+w7g/8bWsfp/3UVcAgABEEACAAAdqAIAAYskAgAM9t8I=
Date: Sun, 26 Jun 2016 05:34:04 +0000
Message-ID: <974CF78E8475CD4CA398B1FCA21C8E995655BEB2@PRN-MBX01-4.TheFacebook.com>
References: <CABkgnnVFg2iCc8eWX40+25ATE=dAw3WmndReO0ky2j1K_soLPQ@mail.gmail.com>
 <20160623103546.GA5287@LK-Perkele-V2.elisa-laajakaista.fi>
 <CAF8qwaB6EiP-O3s+pCw9wGHvAH1iFZRQ_GbNJOXwiO2LW4iCvg@mail.gmail.com>
 <CAF8qwaA-XVz-t8G5mos4mm9LfrVjEbh1TKy8n3uKi416t7e_MA@mail.gmail.com>,
 <CABkgnnWEg31RrD+9-NJAg_R4oC9oPz4wWKFoxvhNJEi=9_o-Og@mail.gmail.com>
In-Reply-To: <CABkgnnWEg31RrD+9-NJAg_R4oC9oPz4wWKFoxvhNJEi=9_o-Og@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [192.168.52.123]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
 definitions=2016-06-26_03:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0_ecf2T6V4L1gJ-QFBRpHqEBraM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Remove EncryptedExtensions from 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
 <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
 <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jun 2016 05:34:09 -0000

Was there a compelling reason to not just put the ticket age in the clear i=
n the CHLO field as @davidben alluded to before. It seems to make it much s=
impler in general.=0A=
=0A=
With support for multiple tickets the server could issue multiple tickets a=
t different times to make time correlation more difficult. The ticket seems=
 to be a more definitive identifier of the user than the time.=0A=
=0A=
Subodh=0A=
________________________________________=0A=
From: TLS [tls-bounces@ietf.org] on behalf of Martin Thomson [martin.thomso=
n@gmail.com]=0A=
Sent: Thursday, June 23, 2016 1:59 PM=0A=
To: David Benjamin=0A=
Cc: tls@ietf.org=0A=
Subject: Re: [TLS] Remove EncryptedExtensions from 0-RTT=0A=
=0A=
On 24 June 2016 at 01:05, David Benjamin <davidben@chromium.org> wrote:=0A=
> I don't think this matters. Just don't reuse tickets. But, if we cared, p=
er=0A=
> the "dumbest possible thing that might work" school of thought, we can=0A=
> replace XOR with addition modulo 2^32. Now ticket reuse leaks the delta=
=0A=
> between two ClientHellos, which, precision aside, was already public=0A=
> information from the receive time (with ticket as correlator). The timest=
amp=0A=
> of the ticket-minting connection is as secret as before.=0A=
=0A=
That sounds like fine reasoning to me.  XOR or addition are both easy=0A=
enough to specify.=0A=
=0A=
_______________________________________________=0A=
TLS mailing list=0A=
TLS@ietf.org=0A=
https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.ietf.org_mailman=
_listinfo_tls&d=3DCwICAg&c=3D5VD0RTtNlTh3ycd41b3MUw&r=3Dh3Ju9EBS7mHtwg-wAyN=
7fQ&m=3Dryrz7HkNEVNbEb9yKsanQ1ZrOyiVdYuv8BDMJOF55s0&s=3DftTVBbImgxjUem3AV87=
OqX3q_RKQKE1SJ7SGePOhWyc&e=3D=0A=