Re: [TLS] OPTLS: Signature-less TLS 1.3
Watson Ladd <watsonbladd@gmail.com> Wed, 05 November 2014 17:56 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3A9F1A9041 for <tls@ietfa.amsl.com>; Wed, 5 Nov 2014 09:56:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_15=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l6A-z1JRgppO for <tls@ietfa.amsl.com>; Wed, 5 Nov 2014 09:56:51 -0800 (PST)
Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAA6B1A906D for <tls@ietf.org>; Wed, 5 Nov 2014 09:56:50 -0800 (PST)
Received: by mail-yh0-f49.google.com with SMTP id t59so573815yho.36 for <tls@ietf.org>; Wed, 05 Nov 2014 09:56:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=4KZ3OJUnJLUQXKixcNa17wWQOekv0slTEQKyXBim2Ec=; b=FKXy5ENGjjgnsyp0hGMmG9mqg49CZvbdIFDTg4d9XgAMbs8Qd6gBQpUtobi+4GJnTb gjNtCklM8GI4dBCXuEMMy+LjcDTG3apaP/OiuGjbFx39Xp5tbXh1R8tXucmwemZvTdBE gkdiszgFMMyNBKAMY8+G9TmWcILs5bNo8cZIPn435TWghNFssXAbSSDnGfauhRbZfa6S UGYOFMNZdoHfhqc2N6wcjvKzqMD9lESyBSNKNUIVIVhBDFm2pylLibVu3kHGl7PQFsQK AWUJWxQEbA8X9HO+EJdLt7gdK+3AhDxqnQiHIfAQ7NMbg0cqMxF4gfc6hxOfnpDp9ele 3zpQ==
MIME-Version: 1.0
X-Received: by 10.170.87.7 with SMTP id e7mr6333030yka.126.1415210210192; Wed, 05 Nov 2014 09:56:50 -0800 (PST)
Received: by 10.170.195.203 with HTTP; Wed, 5 Nov 2014 09:56:50 -0800 (PST)
Received: by 10.170.195.203 with HTTP; Wed, 5 Nov 2014 09:56:50 -0800 (PST)
In-Reply-To: <CAK3OfOg5050v1sYH5o6rdLTT+_wLZ5R_b4yh7ZMPN=2NQ5W9wA@mail.gmail.com>
References: <CADi0yUObKsTvF6bP=SxAwYA05odyWdzR1-sWutrDLUeu+VJ1KQ@mail.gmail.com> <CABcZeBNQBC1XXFR5sGo=V8WmxmL5thaBpeHSasy3SordbqNRTQ@mail.gmail.com> <CADi0yUMM6C=NpvFsc67J6Dc6uEO3OZ490tFWhAYmD362mC+D4A@mail.gmail.com> <CABcZeBNKpTMg+xhMK5TnO_W99MotoPw+_m9yrTqTUSwqyPpUPA@mail.gmail.com> <CACsn0cnkRZ5ZzX0bHfVFsvsrNoJxU2Txs0O2YW386fsg9GF1vQ@mail.gmail.com> <CABcZeBMQc5Mb_FK3davMxi0oBgzawqCMaYp1DqGYgg3nEHYHHw@mail.gmail.com> <CADi0yUOZ8LqsJbTTZmYL6XgrTjWvTMqvFMd7euzv+xQPU9vPJg@mail.gmail.com> <CABkgnnV1jcdXeZJ5BwZB1sM7xwuJt9Q3UUujTgddjC3sHDJxpA@mail.gmail.com> <CAK3OfOg5050v1sYH5o6rdLTT+_wLZ5R_b4yh7ZMPN=2NQ5W9wA@mail.gmail.com>
Date: Wed, 05 Nov 2014 09:56:50 -0800
Message-ID: <CACsn0ckjVDVcPokGPqFBtKC8uoMd+2m4Gp6xbVDfuq05dfz6Xg@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: multipart/alternative; boundary="001a113a8c04dc741e0507204d83"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/34N6vGwdQjLuX-jxaTKRURj80yo
Cc: tls@ietf.org
Subject: Re: [TLS] OPTLS: Signature-less TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Nov 2014 17:56:56 -0000
On Nov 5, 2014 9:51 AM, "Nico Williams" <nico@cryptonector.com> wrote: > > On Wed, Nov 5, 2014 at 11:45 AM, Martin Thomson > <martin.thomson@gmail.com> wrote: > > On 5 November 2014 08:27, Hugo Krawczyk <hugo@ee.technion.ac.il> wrote: > >> The issue of validity period of the static key g^s is not different than > >> that of a regular certificate except that the server can choose a shorter > >> validity period for g^s than the one for the certificate. That is, if the > >> client's clock is skewed by Delta and the validity of g^s is up to time T, > >> the client will accept g^s till time T+Delta. Similarly, if the certificate > >> expires at time T', the client will accept it until T'+Delta. In either > >> case, if T<T' the client will accept g^s for less time than it would accept > >> the certificate. > > > > I think that the core concern is that Delta is basically unbounded in > > some implementations (see [1]). > > > > [...] > > > > [1] https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf > > Perhaps we should pin latest datetime advertised by the server for > which other things are being pinned. This would prevent time travel > into the past. Time travel into the far future is, presumably, not > that big a deal, even with pinning, because server operators will > strive to make sure that doesn't happen. Or kernels can set the flag that stops this from being possible. We should note the issue, and, as with randomness, let the vendors solve it. For a problem solved by a configuration change, we are spending a lot of time on it. Sincerely, Watson Ladd > > Nico > -- > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Rene Struik
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Rene Struik
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Ilari Liusvaara
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Manuel Pégourié-Gonnard
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hanno Böck
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Peter Gutmann
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Martin Thomson
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Martin Thomson
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Martin Thomson
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Andy Lutomirski
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Andy Lutomirski
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Martin Thomson
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Martin Thomson
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Eric Rescorla
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Yoav Nir
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Yoav Nir
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Yoav Nir
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Nico Williams
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Salz, Rich
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Watson Ladd
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Salz, Rich
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Dan Brown
- Re: [TLS] OPTLS: Signature-less TLS 1.3 Hugo Krawczyk