IETF Logo Mail Archive

Re: [TLS] DTLS 1.3

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 06 July 2016 19:34 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 862C312D123 for <tls@ietfa.amsl.com>; Wed, 6 Jul 2016 12:34:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.82
X-Spam-Level:
X-Spam-Status: No, score=-1.82 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426, SUBJ_ALL_CAPS=1.506] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PpoMcJWJ7Nth for <tls@ietfa.amsl.com>; Wed, 6 Jul 2016 12:34:58 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) by ietfa.amsl.com (Postfix) with ESMTP id 2C46712D0CD for <tls@ietf.org>; Wed, 6 Jul 2016 12:34:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id BCA259C4 for <tls@ietf.org>; Wed, 6 Jul 2016 22:34:56 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id gFger-o8y6lL for <tls@ietf.org>; Wed, 6 Jul 2016 22:34:56 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-177-32.bb.dnainternet.fi [87.100.177.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 69034C4 for <tls@ietf.org>; Wed, 6 Jul 2016 22:34:56 +0300 (EEST)
Date: Wed, 06 Jul 2016 22:34:54 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: tls@ietf.org
Message-ID: <20160706193454.GB28197@LK-Perkele-V2.elisa-laajakaista.fi>
References: <577A38A2.2090209@gmx.net> <20160704140312.GC4287@LK-Perkele-V2.elisa-laajakaista.fi> <577ABCE2.9050409@gmx.net> <20160704204603.GA4837@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBMYQ=SWfEwFVjpmO3Pzh78VTrdqXKF26TDnSA-nR-k=rQ@mail.gmail.com> <20160704211805.GC4837@LK-Perkele-V2.elisa-laajakaista.fi> <577CFABF.4020502@gmx.net> <20160706144708.GA28022@LK-Perkele-V2.elisa-laajakaista.fi> <577D5B1B.1030609@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <577D5B1B.1030609@gmx.net>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1VmABNYfnJZBG38ffOb1mqL9mTI>
Subject: Re: [TLS] DTLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2016 19:34:59 -0000

On Wed, Jul 06, 2016 at 09:25:15PM +0200, Hannes Tschofenig wrote:
> > 
> > Being part of regular handshake is problematic, since those are assumed
> > to be tickets, and as such one needs the dynamic PSK key. But the dynamic
> > PSK key includes the entiere handshake up to Client Finished. And this
> > can't really be changed (or things start going badly wrong).
> > 
> > So the minimum time to send some tickets is 4th flight, whereas normal
> > handshake is only 3 flights.
> 
> Was just an idea. The TLS 1.2 ticket mechanism was also transmitted
> during the handshake.

The TLS 1.2 ticket mechanism actually did nasty things to forward secrecy.
In TLS 1.2, the ticket happens to be in 4th flight after Client Finished,
which avoids most of the problems TLS 1.3 would have with tickets in-
handshake.
 
> > Certificate requests have context identifiers...
> 
> I was more thinking about including the HandshakeType to distinguish the
> ack for a NewSessionTicket from an ack to a CertificateRequest.

Oh yes. I posted a rough sketch of such message, it had a corresponding
field...
 
> > I don't think this works, because KeyUpdate is not idempotent (causes
> > problems if reply is lost) and worse yet, because of potential desyncs
> > with the main data flow (IP packet reordering!).
> 
> Maybe it should be made idempotent...

You still have packet reordering even if it is idempotent...


-Ilari

v2.23.0 | Report a Bug | By Email