[TLS] TLS False Start

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 28 November 2014 19:36 UTC

Message-ID: <5478CEB7.2020206@gmx.net>
Date: Fri, 28 Nov 2014 20:36:23 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: "<tls@ietf.org>" <tls@ietf.org>, bmoeller@acm.org
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/2bcyGLpL_ngTyo2Jc6RGg4jARog

Hi Bodo,
Hi all,

I read through <draft-bmoeller-tls-falsestart-01>. The document is well
written but I have a few questions.

There are various conditions specified for when the TLS False Start
mechanism is fit for use. I believe there is room for improvement
regarding the way these conditions are formulated. At the moment,
they are written more as examples than as a list of security
properties.

I am worried that many of the provided examples will be outdated fairly
soon as algorithms continuously evolve.

For example, you say that AES-GCM is OK. You cite the key length and I
guess you are also including the current state of security analysis of
the given cipher in that consideration. Would it be OK to use AES-CCM
with False Start? I think so.

Then, you list a couple of key exchange methods (DHE_RSA, ECDHE_RSA,
DHE_DSS, ECDHE_ECDSA), which you consider fit for TLS False Start.
You indicate that an ephemeral DH exchange is needed and I was wondering
why this is the case. Why is a "normal" DH not acceptable?

Would a ciphersuite like TLS_PSK_WITH_AES_128_CCM_8 be acceptable, since
it does not use a public key based ciphersuite and it also does not use
an ephemeral Diffie-Hellman exchange?

Finally, you list "client certificate types". As someone who is
interested in the PSK case I am wondering whether you would consider PSK
ciphersuites as acceptable as well. With the indicated criteria it is a
bit hard to tell.

Ciao
Hannes