Re: [TLS] Call for Consensus on removal of renegotiation

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 25 June 2014 18:47 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55BDC1B2E1A for <tls@ietfa.amsl.com>; Wed, 25 Jun 2014 11:47:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U8F5F4wHLWaw for <tls@ietfa.amsl.com>; Wed, 25 Jun 2014 11:47:26 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 195EF1B2E1D for <tls@ietf.org>; Wed, 25 Jun 2014 11:47:26 -0700 (PDT)
Received: from [10.70.10.68] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id CF887F984 for <tls@ietf.org>; Wed, 25 Jun 2014 14:47:23 -0400 (EDT)
Message-ID: <53AB192F.2040001@fifthhorseman.net>
Date: Wed, 25 Jun 2014 14:47:11 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Icedove/30.0
MIME-Version: 1.0
To: "<tls@ietf.org>" <tls@ietf.org>
References: <44DA5A30-015D-40F3-90CA-F15076891BBC@cisco.com>
In-Reply-To: <44DA5A30-015D-40F3-90CA-F15076891BBC@cisco.com>
X-Enigmail-Version: 1.6+git0.20140323
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="kTSKiBd5Ruko2c3WwWq3hAPuVBWPKs6E8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/2Uyoi_pQJg1nns0gb4mTB5NbdxI
Subject: Re: [TLS] Call for Consensus on removal of renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jun 2014 18:47:29 -0000

On 06/25/2014 02:34 PM, Joseph Salowey (jsalowey) wrote:
> We would like to see if there is consensus on removing renegotiation in TLS 1.3.  We had rough consensus at the interim to remove renegotiation. Please state your position by indicating preference for one of the following (we will have a separate consensus call to decide on rekey approach). 
> 
> 1. Do you favor removing renegotiation from TLS 1.3 either with or without an additional facility for rekey?
> 2. Are you in favor of not removing renegotiation regardless of the addition of a separate rekey facility?

If we're supposed to select either 1 or 2, i wouldn't feel comfortable
with either one.

If we aren't providing an additional facility for re-keying, then i am
not OK with removing renegotiation.  TLS needs a way for high-traffic,
longstanding connections to stay up without "dead air" (as i think Sean
called it earlier).  So i can't choose (1).

OTOH, if we have a separate rekey facility, i think that the semantics
of TLS will be clearer (easier for application developers to understand
and work with; easier for cryptanalysts to evaluate) if we get rid of
renegotiation.  So i can't choose (2).

Maybe this question needs to be re-framed, or we need an option 0?

	--dkg