[TLS] Adding an additional step to exporters

Martin Thomson <martin.thomson@gmail.com> Fri, 24 February 2017 04:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/30VBKpvhEqlwDBePQndKy7bd_7s>

https://github.com/tlswg/tls13-spec/pull/882 contains the longer description.

In short, the existence of an exporter secret threatens the forward
secrecy of any exported secret.  This is a problem for QUIC and is
likely to be a more general problem.

The proposed fix is small: separate exporters into two steps
(extract+expand) where the first step allows for separation based on
exporter type and the second on context.  That allows an endpoint to
keep separate secrets for each exporter type and discard those that it
no longer needs, thus gaining forward secrecy if it likes.
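
The two-step split described in the message above, as an added example that is not part of the original post or of the pull request. It assumes the form later published in RFC 8446 section 7.5 with SHA-256 (the pull request's exact text may differ); the labels, contexts and exporter master secret are constructed values.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

def hkdf_expand(secret: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) over HASH."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label: info is the HkdfLabel struct (length, label, context)."""
    full = b"tls13 " + label
    info = length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def exporter_type_secret(exporter_master_secret: bytes, label: bytes) -> bytes:
    """Step 1: separate by exporter type. One secret per label."""
    return hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HASH_LEN)

def export(type_secret: bytes, context: bytes, length: int) -> bytes:
    """Step 2: separate by context, using only the per-type secret."""
    return hkdf_expand_label(type_secret, b"exporter", HASH(context).digest(), length)

def tls_exporter(exporter_master_secret, label, context, length):
    """Both steps composed, for an endpoint that still holds the master secret."""
    return export(exporter_type_secret(exporter_master_secret, label), context, length)

if __name__ == "__main__":
    ems = bytes(range(32))  # constructed stand-in for the exporter master secret
    # Derive the per-type secrets this connection needs, then drop the master.
    labels = (b"EXPORTER-example-a", b"EXPORTER-example-b")  # hypothetical labels
    secrets = {label: exporter_type_secret(ems, label) for label in labels}
    del ems
    print(export(secrets[b"EXPORTER-example-a"], b"ctx-1", 32).hex())
    # Discarding one type's secret leaves the other type usable.
    del secrets[b"EXPORTER-example-a"]
    print(export(secrets[b"EXPORTER-example-b"], b"ctx-1", 32).hex())
```

Python's `del` only drops the reference; an implementation that wants the forward-secrecy property has to overwrite the secret's memory when it discards it.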