Re: [TLS] Connection ID Draft
Eric Rescorla <ekr@rtfm.com> Sat, 14 October 2017 20:40 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99A513300C for <tls@ietfa.amsl.com>; Sat, 14 Oct 2017 13:40:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.091
X-Spam-Level:
X-Spam-Status: No, score=0.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3iyb1DaOBzxv for <tls@ietfa.amsl.com>; Sat, 14 Oct 2017 13:40:53 -0700 (PDT)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFEB813209C for <tls@ietf.org>; Sat, 14 Oct 2017 13:40:53 -0700 (PDT)
Received: by mail-qt0-x231.google.com with SMTP id n61so25246074qte.10 for <tls@ietf.org>; Sat, 14 Oct 2017 13:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=YomW38q5Cx0ThguPgHyEv6GAk/+AfXOjUcedrrvSbzM=; b=MI8LmWyyOCloYD7CKoBGcZUpWFTVkshqTWsyeLDgleAArxxoETV9kk44iPR5O2W/2v 92CHiCzNSTJBTGs1mDyTytFLql74mimjIilqq7WgxuFdO1LMgffiit4LdIogOHoH4Bmn gRAPrYyQfhxjHL9NW0FNmnCeY++UCtaZrn+vDjZyAycJ3i5kBvX4Jk7uOLhTQidqtbbN Vr8J9U/BXXXWVHfw1gH482xrsdIctO8lTBsNXhCf1FXq52wo/XFvySw9/iZ7//ejuX3N WT8VFOAQv+YaJku0V9M1DRgyPcOf7C1gQ8IYcTgzkvwGRO7qPqXE2V0a05eVOVCX/OlA vGwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=YomW38q5Cx0ThguPgHyEv6GAk/+AfXOjUcedrrvSbzM=; b=kEWEIS7Xm1Yi5wXdiiQ+TDCAaqsf30FJCeqvhAb9c8NvIUuqaKGVe6gCmBHHfFPwQp wo7nqp3c/OOjGQcKA+zKGycjtgH/3hAu5oIAcpOOgdpBvA6EMpQm042laqjPaS4FFu89 yQZ4GCepOMjSDTxegQghKNkQSyNkQ9DVzjp1mWyDIEVlo1HTro7jRJhok38GCfrmHg0Z 2XOCXb4rH7BMAui/yjil53E9m+RX7PkpdNHbAU316/6+XmJ5fXVlgqdn1KHlj6uSUU0D c9YEwIWRVakF54DARsh4OLE0/dhpSlFn0nOweXjlFXuC8dV2bftzq1P9QfflrA+BPIwo +pkw==
X-Gm-Message-State: AMCzsaXJxLqsg6yu9WyYeT/2rwML2DSOGbGfaJJCv9oBFE+2BqV5UgWq 9+A3N10xpbiTY7qyK8nr8syaDsEhInveCmpVJFrXaA==
X-Google-Smtp-Source: AOwi7QBkzVfKSO0L3DDnU5Ef6SAc8xgqTm5Q1jGQY8TPnVZuHu3BHYIELjton1G/8K4uYh+B7O9Ezk5oWAQqJg93L74=
X-Received: by 10.129.108.3 with SMTP id h3mr3398250ywc.327.1508013652715; Sat, 14 Oct 2017 13:40:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.194 with HTTP; Sat, 14 Oct 2017 13:40:12 -0700 (PDT)
In-Reply-To: <6622cfac-e989-f3c6-8832-12799efe28f1@akamai.com>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com> <6622cfac-e989-f3c6-8832-12799efe28f1@akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 14 Oct 2017 13:40:12 -0700
Message-ID: <CABcZeBNU-inGM-3U0rF=k-DRYGyBKZ735x5eD3AEGm_oj7oCJg@mail.gmail.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a114d9a28163f2b055b87ca3d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0mIGvCn15qxChmabpcEan8tiO1A>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Oct 2017 20:40:56 -0000
On Sat, Oct 14, 2017 at 9:54 AM, Benjamin Kaduk <bkaduk@akamai.com> wrote: > On 10/12/2017 06:13 PM, Eric Rescorla wrote: > > Hi folks, > > I have just posted a first cut at a connection ID draft. > https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Drescorla-2Dtls-2Ddtls-2Dconnection-2Did-2D00&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=CDf7zAKso3W-qOi8wQqK6uWaBGWhWCn6w5Q5gFHEjUY&s=1hkGM7Hn4fhvL0vEqnLxYGyRwan9tjm4IICGPgXS4eo&e=> > > Comments welcome. > > > I see it already got some good comments, so I'll try to stick to just new > ones. > > Since a participant that wants to make use of DTLS CIDs might expect to > talk to many peers, some of which do and some of which do not support the > CID extension, it seems like the participant might want to always use the > same cid_length for all its peers that support CIDs, to ease the parsing > decision and CID lookup process, and we could mention this expectation. Or > am I missing some reason why the CID would be easy to pick out of the > ciphertext otherwise? > No, I think that's a good suggestion. PR Welcome :) In the security/privacy considerations: > > An on-path adversary, who is able to observe the DTLS 1.2 protocol > exchanges between the DTLS client and the DTLS server, is able to > link the initial handshake to all subsequent payloads carrying the > same connection id pair (for bi-directional communication). > > My first time reading this I thought that the text was only claiming that linkability was possible if the initial handshake was observed, which is not really needed. It might be better to avoid mentioning the handshake at all and just say that the attacker is able to link all observed payloads carrying the same connection id pair as being exchanges between the same client and server. > > Yeah, that seems like a good point. -Ekr > -Ben > >
- [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Nikos Mavrogiannopoulos
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Hannes Tschofenig
- Re: [TLS] Connection ID Draft Eric Rescorla
- [TLS] 答复: Connection ID Draft yinxinxing
- [TLS] 答复: Connection ID Draft yinxinxing
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- [TLS] 答复: Connection ID Draft yinxinxing
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- [TLS] 答复: 答复: Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Benjamin Kaduk
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Christian Huitema
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Nikos Mavrogiannopoulos
- Re: [TLS] Connection ID Draft Simon Bernard
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Benjamin Kaduk
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Simon Bernard