IETF Logo Mail Archive

Re: [TLS] Do we actually need semi-static DHE-based 0-RTT?

Dave Garrett <davemgarrett@gmail.com> Fri, 19 February 2016 22:08 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 699EA1B34E1 for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 14:08:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bcCGW06jmwKf for <tls@ietfa.amsl.com>; Fri, 19 Feb 2016 14:08:23 -0800 (PST)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 070911B349D for <tls@ietf.org>; Fri, 19 Feb 2016 14:08:23 -0800 (PST)
Received: by mail-yw0-x22f.google.com with SMTP id e63so78198139ywc.3 for <tls@ietf.org>; Fri, 19 Feb 2016 14:08:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=dQFvFDVKyWQA5fEEhburZo5sY+MCOZ6vZTBKaGyAa9M=; b=IQe858savNSpxChwEJc0JPAdjVgBvOUDvANvWyMUH5ri/TX4Vktm0d0XYH2BrQnfnm xqc/qvJwrK0GZtifCJgCHaqEiXl9z2KwXQmhyYH/MuxzDu81nNuU0/Jj2UF67irZjxrJ 7pIZsHUqmRxN9uJDbgEIczln+pjkx+E0B1Mir/xj2Cbofu+Lbwyq3B3U/QOsK8DLI/fR 1gAPsXp/LdIZw85W6CeVWkSru06gLTkan8+kYzaajVpajjfAT5bMdxkclmxhg/0iZvba 96Q2Yjygb5JXk9g/dWS7OFhqOtmN3kgz0OMeQJ3bt18k4zK5Ga18h9v6peO2jU3XAu/E ZHSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=dQFvFDVKyWQA5fEEhburZo5sY+MCOZ6vZTBKaGyAa9M=; b=L1qH3l6aNN66hGgkKxb1D2UhlmQfKIS773wKKYNvqs9Vh/DqY62fwA/jUIEOlPrkAk daTxdozpCANouR1XvhV2BknzZo3S1bQJ5WFjCYOjqalP6jI0ygFyVWKZveWEG7TBXmH9 mFLRy7ES4Kp4Pker93A4p+/Hb2r3Jd3sKoRtqpLFNooNDx4hwuEdZQOqvLRBfemZvhfA Lmp7bABgxrZmNd8odAfRqgBqEfBvnCE6pSyUIwtXAKrIYSXuixe9FzswcvlYFK49tj+J pQDTlmgHmze/XewmGdmDazXaIloSTOg5ihYmS7hz6xV96S9TP/GfaxrFzOt6a/ifUiZS JdlA==
X-Gm-Message-State: AG10YOQEVnqczfU03nLKwxts4mwoWvl3P4Nb3R1QhGECB8Zse03PZC/2UK2Wj83RVLrn6Q==
X-Received: by 10.129.80.87 with SMTP id e84mr8395971ywb.198.1455919702448; Fri, 19 Feb 2016 14:08:22 -0800 (PST)
Received: from dave-laptop.localnet (pool-71-175-20-227.phlapa.fios.verizon.net. [71.175.20.227]) by smtp.gmail.com with ESMTPSA id i67sm10152019ywf.34.2016.02.19.14.08.21 (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 19 Feb 2016 14:08:21 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Date: Fri, 19 Feb 2016 17:08:20 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CABcZeBMFE24o-F7JO8E2=xFmasR3iqabZhn6Qv4fw+ihYfTc6g@mail.gmail.com> <201602190044.23065.davemgarrett@gmail.com> <CAH9QtQGL4WuW4yrcxsE2R2Nv7h5jCzWySpP7xTD9xi4Y=bNKVA@mail.gmail.com>
In-Reply-To: <CAH9QtQGL4WuW4yrcxsE2R2Nv7h5jCzWySpP7xTD9xi4Y=bNKVA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201602191708.20869.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/2e0PdmkP3AynNCb62XCWsncyWQk>
Subject: Re: [TLS] Do we actually need semi-static DHE-based 0-RTT?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2016 22:08:24 -0000

On Friday, February 19, 2016 12:57:04 am Bill Cox wrote:
> Having two different modes to achieve basically the same
> thing in TLS 1.3 is a bad idea.

On Friday, February 19, 2016 10:01:31 am Salz, Rich wrote:
> I greatly prefer one way to do things.

I do not fundamentally disagree. I would support dropping PSK resumption in favor of using only DHE 0RTT for resumption.

With PSK resumption, as far as I know, the issue of what cipher suites to offer & use has not been settled, or at least written down in the spec. Not having to use all of the PSK suites (or non-PSK suites but actually using PSK, which could be confusing) and the PSK extension for resumption, and instead using some session ID and DHE 0RTT would be simpler and not loose capability.

I think that requiring PSK for 0RTT would significantly reduce the availability of actually using 0RTT, whilst providing no way to improve the situation over the long term. It would mean that TLS only has 0RTT resumption and not actually have any 0RTT sessions.


Dave

v2.23.0 | Report a Bug | By Email