IETF Logo Mail Archive

Re: [TLS] Resumption ticket/PSK

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 19 May 2016 20:01 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E255B12D6D3 for <tls@ietfa.amsl.com>; Thu, 19 May 2016 13:01:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fAIUm8RjW1Dd for <tls@ietfa.amsl.com>; Thu, 19 May 2016 13:01:25 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CD7212D66C for <tls@ietf.org>; Thu, 19 May 2016 13:01:25 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 69037284F26; Thu, 19 May 2016 20:01:24 +0000 (UTC)
Date: Thu, 19 May 2016 20:01:24 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20160519200124.GG3300@mournblade.imrryr.org>
References: <CAJU8_nVhM+xOnt8D8UJ8qvWUFts3s5n3gOQvJZYs=XWymfVOVQ@mail.gmail.com> <CABcZeBM8R8LC0wQfxp63BzfjRvLh4sYh4HdT5KZ8LXe2uE3GgQ@mail.gmail.com> <20160519190508.GE3300@mournblade.imrryr.org> <CAJU8_nW5jqO3DSvZZNpNQThnCb3P4bCBjE47uhjPRPB1ix6_mg@mail.gmail.com> <20160519191930.GF3300@mournblade.imrryr.org> <CAJU8_nXkSLxWJ3NdoXrqAgg3vD_mxRmGET82Di==wy9tSAewbA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAJU8_nXkSLxWJ3NdoXrqAgg3vD_mxRmGET82Di==wy9tSAewbA@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/0iLwnM3pjRgRtI9CQNBX49YxOFU>
Subject: Re: [TLS] Resumption ticket/PSK
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 20:01:27 -0000

On Thu, May 19, 2016 at 03:45:26PM -0400, Kyle Rose wrote:

> > This is only relevant to a particular type of client, and should
> > not be default protocol behaviour.
> 
> I suspect the root of arguments for/against this proposal are
> philosophical more than technical. I disagree with your contention
> above that client-behavior-only is sufficient, because my definition
> of "sufficient" includes something about resource usage on the server
> in pursuit of the privacy desires of the client, which you implicitly
> admit to below:

Well, if a client is not behind a carrier-grade NAT, it is readily
identified by its network address until it obtains a new one.  So
the tracking identifier is at layer 3 and TLS won't change that.

Nevertheless, some clients may want to attempt to gain fine-grained
protection against correlating back to back or parallel resumption
requests.  For this they'd have to ensure that all session tickets
are single use, and either perform new handshakes when increasing
the number of parallel connections to the server, or somehow obtain
more than one ticket within a single session.

The proposal is rather complex, and often still not effective.
For this reason, I'm suggesting that the complexity should not be
specified as a default behaviour.  There's a lot clients can do
unilaterally, and a new extension can be designed to close any gaps
for clients with "greater needs".

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email