IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-session-hash-04 and session resumption

David Benjamin <davidben@chromium.org> Wed, 15 April 2015 16:52 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0811C1B2DD3 for <tls@ietfa.amsl.com>; Wed, 15 Apr 2015 09:52:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DXpEYdRHeNmH for <tls@ietfa.amsl.com>; Wed, 15 Apr 2015 09:52:35 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D874D1B2DC7 for <tls@ietf.org>; Wed, 15 Apr 2015 09:52:22 -0700 (PDT)
Received: by oiko83 with SMTP id o83so30311244oik.1 for <tls@ietf.org>; Wed, 15 Apr 2015 09:52:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=5eq5ALqEwgk3esoN90lSgWQYhqtkIuRLK7KYUh4958k=; b=IP0cIQyGUoMB9yiMKD2l+GfpQjOHS4hYFcwPPD76vkw5nPDBS6sR9xYeJgIJncbodx rNRAU8ZIgQCFWSyDgf6MqeLuI39NXH8kUMXTDD/w8h0Z3Aug9x2RsVHD8p7eQDJbshIM 95SzBfxcD2dtVjiBtfZonBv9SffEauUkK2qgc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=5eq5ALqEwgk3esoN90lSgWQYhqtkIuRLK7KYUh4958k=; b=dteIhTdubpccqhBXvKPKj5tDPacQdDf0biH1YpFz3ElT3FyqRiCwNJikicqR+YDrR0 Fpnf475us8NXaPB14iGjDIkEyJFHOijMxsuzax93WLvm6O6T1ZKdsV4gMjw5yEI39lIM Cah2gEmZj1TvA3lrEAsr31ondYR6irlht6oYr5MmP4UGemzo/VnV92Q7OfhpEgamWPtv R/CAwrcp6AQi6g8EFpCH+Qh2ftkmIkgIwet7oqgFcriExc0rBqAbVU0XL6T+faYAcael JPz+sME6Kdj0CCPMaRMAq8nc2oq/I37G9VnurjnBjDjjqITuYZVy7uYGjwFvNrssNtWj vqCA==
X-Gm-Message-State: ALoCoQl1Ka2oThgmT3QMAzaBOed0uwY47J8z87bPTI0EpBlqXt7Gg/RUbPir4Vf4RywqZTERzm0c
X-Received: by 10.43.72.138 with SMTP id yo10mr32856598icb.69.1429116741654; Wed, 15 Apr 2015 09:52:21 -0700 (PDT)
MIME-Version: 1.0
References: <20150415015313.357751B28A@ld9781.wdf.sap.corp> <53BB8A96-8CFE-4275-9562-336D60B567B3@gmail.com> <56BA5F9C-E1CE-402F-831C-0D3AF3D336AE@gmail.com> <CABkgnnXKU0nMQpgeUdVTTUY1K-m3_geeDO0a+0sk966X6HyxBw@mail.gmail.com>
In-Reply-To: <CABkgnnXKU0nMQpgeUdVTTUY1K-m3_geeDO0a+0sk966X6HyxBw@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 15 Apr 2015 16:52:20 +0000
Message-ID: <CAF8qwaBiTUwBG2bfrTscztouRi8qaOka5i0o1QLUc_9bjq5rSQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>, Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c204febaba6c0513c62bd7"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/2LVPzAzT0q3jIqYB-yoTX2mkYSQ>
Cc: "tls@ietf.org" <tls@ietf.org>, Bill Cox <waywardgeek@google.com>
Subject: Re: [TLS] draft-ietf-tls-session-hash-04 and session resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 16:52:37 -0000

On Wed, Apr 15, 2015 at 12:40 PM Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 15 April 2015 at 00:38, Karthikeyan Bhargavan
> <karthik.bhargavan@gmail.com> wrote:
> > I guess my question is whether “SHOULD perform a full handshake” is
> strong enough,
> > leaving the server the option of aborting the handshake, or is MUST
> preferable
> > as a clearer indication to implementers?
>
>
> This is fine with me.  Though I think David's concerns are worth
> taking into account.  You might instead say:
>
>    Instead, it MUST either perform a full handshake or abort the
> connection.
>
> That leaves plenty of options open.
>
> Given that this only arises if you have a busted client, we shouldn't
> worry too much about which option people take.  If this were an
> expected situation somehow, I'd be arguing more strongly for the full
> handshake option.
>

Not necessarily; it can also occur if the server changes configuration to
add EMS support. Server deployments may not necessarily flush their session
cache across upgrades (perhaps you configured SSLSessionTicketKeyFile in
Apache to share your session cache between machines). It would be nice if
they did, but not everyone running a server will know the nitty gritty
details of what the latest software update included and the interactions
with protocol subtleties.

I agree it's not likely to be very common, so it's not actually that big a
deal. But this is a case where the safer option is clear and not actually
more complex, so the spec should nudge implementers toward that one.

(From experience, interop problems around session resumption are a headache
to diagnose and reason about. I prefer to actively avoid introducing them
where possible.)

David

v2.23.0 | Report a Bug | By Email