Re: [TLS] WGLC for draft-ietf-tls-cross-sni-resumption

Carrick Bartle <cbartle891@icloud.com> Wed, 11 August 2021 20:59 UTC

Return-Path: <cbartle891@icloud.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74BFD3A24F4 for <tls@ietfa.amsl.com>; Wed, 11 Aug 2021 13:59:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.849
X-Spam-Level:
X-Spam-Status: No, score=-1.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bwqlor9Yrj3r for <tls@ietfa.amsl.com>; Wed, 11 Aug 2021 13:59:01 -0700 (PDT)
Received: from mr85p00im-zteg06011501.me.com (mr85p00im-zteg06011501.me.com [17.58.23.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D8C73A24E2 for <tls@ietf.org>; Wed, 11 Aug 2021 13:59:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1628715540; bh=24at6Anq2GBtO92aPhsgk6tbD052jC5/L/0NtkHRp/I=; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; b=VsBqi6SqSh9+OVwiLU31t/jqqYIiowQkKbeCE+iJXC4TEClbRxtRE3I/DAYU3dV89 JgUsL9urT0wsuhN4k4TJQLGsek3ofnE96b15fy846xTPs8csN9Js6dp08/wS7EGfQ7 8tPnYX6bk2GPYeWTKaB64vUH9sV23bSdbDgKTydSaEhPyc6fFgCvpfAbh86OVz+AzN jJuPy9F8VUTO4tZY2QsDryrSw/i7ZOCOTbw/4YyFkdvNOSddIEJsEexLZH+CzgYkBY wTkMwgUfijVp4WZvseFcw6qMMz1IK5dX6gUqCN/KmvIeCwDmyP4GMfgERCcNmb0/R4 JY02RbFt9NGEw==
Received: from smtpclient.apple (unknown [17.11.99.8]) by mr85p00im-zteg06011501.me.com (Postfix) with ESMTPSA id 7FE1D2A069F; Wed, 11 Aug 2021 20:58:56 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.43\))
From: Carrick Bartle <cbartle891@icloud.com>
In-Reply-To: <8d260f7a-7cbe-4980-9ed2-0120764fc476@www.fastmail.com>
Date: Wed, 11 Aug 2021 13:58:54 -0700
Cc: "TLS@ietf.org" <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9F2E90F8-3461-4D71-A3E7-A3A9FC5DA8E7@icloud.com>
References: <0ad354da-5300-4b48-8925-f7ab18cdf235@www.fastmail.com> <8d260f7a-7cbe-4980-9ed2-0120764fc476@www.fastmail.com>
To: Christopher Wood <caw@heapingbits.net>
X-Mailer: Apple Mail (2.3654.80.0.2.43)
X-Proofpoint-Virus-Version: =?UTF-8?Q?vendor=3Dfsecure_engine=3D1.1.170-22c6f66c430a71ce266a39bfe25bc?= =?UTF-8?Q?2903e8d5c8f:6.0.391,18.0.790,17.0.607.475.0000000_definitions?= =?UTF-8?Q?=3D2021-08-11=5F07:2021-08-11=5F01,2021-08-11=5F07,2020-04-07?= =?UTF-8?Q?=5F01_signatures=3D0?=
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 clxscore=1015 adultscore=0 malwarescore=0 spamscore=0 suspectscore=0 phishscore=0 bulkscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2108110143
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1-EbNvY-DN8kqtTFq4rv94OqOQc>
Subject: Re: [TLS] WGLC for draft-ietf-tls-cross-sni-resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Aug 2021 20:59:21 -0000

>  Notably, it still relies on the server certificate being re-validated against the new SNI at the
>  session resumption time.

Where is this specified? I can't find it in RFC 8446. (Sorry if I missed it.)

>  However, in the absence of additional signals, it discourages using a session ticket when the SNI value > does not match ([RFC8446], Section 4.6.1), as there is normally no reason to assume that all servers
> sharing the same certificate would also share the same session keys.

It'd be helpful to describe under what circumstances there is reason to assume that servers that share the same certificate also share the same session keys (and are able to take advantage of cross-SNI resumption).


> On Jul 30, 2021, at 6:57 PM, Christopher Wood <caw@heapingbits.net> wrote:
> 
> Given the few responses received thus far, we're going to extend this WGLC for another two weeks. It will now conclude on August 13.
> 
> Best,
> Chris, for the chairs
> 
> On Fri, Jul 16, 2021, at 4:55 PM, Christopher Wood wrote:
>> This is the working group last call for the "Transport Layer Security 
>> (TLS) Resumption across Server Names" draft, available here:
>> 
>>    https://datatracker.ietf.org/doc/draft-ietf-tls-cross-sni-resumption/
>> 
>> Please review this document and send your comments to the list by July 
>> 30, 2021. The GitHub repository for this draft is available here:
>> 
>>    https://github.com/vasilvv/tls-cross-sni-resumption
>> 
>> Thanks,
>> Chris, on behalf of the chairs
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls