Re: [TLS] OPTLS: Signature-less TLS 1.3

Watson Ladd <watsonbladd@gmail.com> Wed, 05 November 2014 17:56 UTC

To: Nico Williams <nico@cryptonector.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/34N6vGwdQjLuX-jxaTKRURj80yo
Cc: tls@ietf.org

On Nov 5, 2014 9:51 AM, "Nico Williams" <nico@cryptonector.com> wrote:
>
> On Wed, Nov 5, 2014 at 11:45 AM, Martin Thomson
> <martin.thomson@gmail.com> wrote:
> > On 5 November 2014 08:27, Hugo Krawczyk <hugo@ee.technion.ac.il> wrote:
> >> The issue of validity period of the static key g^s is not different than
> >> that of a regular certificate except that the server can choose a shorter
> >> validity period for g^s than the one for the certificate. That is, if the
> >> client's clock is skewed by Delta and the validity of g^s is up to time T,
> >> the client will accept g^s till time T+Delta. Similarly, if the certificate
> >> expires at time T', the client will accept it until T'+Delta. In either
> >> case, if T<T' the client will accept g^s for less time than it would accept
> >> the certificate.
> >
> > I think that the core concern is that Delta is basically unbounded in
> > some implementations (see [1]).
> >
> > [...]
> >
> > [1] https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf
>
> Perhaps we should pin latest datetime advertised by the server for
> which other things are being pinned.  This would prevent time travel
> into the past.  Time travel into the far future is, presumably, not
> that big a deal, even with pinning, because server operators will
> strive to make sure that doesn't happen.

Or kernels can set the flag that stops this from being possible. We should
note the issue, and, as with randomness, let the vendors solve it.

For a problem solved by a configuration change, we are spending a lot of
time on it.

Sincerely,
Watson Ladd
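
The two ideas quoted in this message, the T+Delta acceptance window for g^s and the pinned latest server datetime, sketched as an added example (not code from the thread or from any TLS implementation). The class name, the per-host pin store, the update rule and the integer timestamps are assumptions; the thread does not specify how a pin would be stored or advanced.

```python
from dataclasses import dataclass, field


@dataclass
class PinnedClockValidator:
    """Expiry check for a server's static key g^s with a per-host time pin.

    Hypothetical client-side design; times are integer seconds.
    """
    pins: dict = field(default_factory=dict)  # host -> latest server time seen

    def effective_now(self, host: str, local_clock: int) -> int:
        # The local clock may be wrong by an unbounded Delta; never evaluate
        # expiry at a time earlier than one this host already advertised.
        return max(local_clock, self.pins.get(host, local_clock))

    def accept(self, host, local_clock, server_time, key_not_after, cert_not_after):
        now = self.effective_now(host, local_clock)
        # g^s is usable only while it and the certificate behind it are valid.
        if now > min(key_not_after, cert_not_after):
            return False
        # Move the pin forwards only, and only after a successful check.
        self.pins[host] = max(self.pins.get(host, server_time), server_time)
        return True


def demo():
    T, T_CERT = 1000, 5000          # constructed: g^s expires before the cert
    host = "example.test"           # constructed host name
    results = {}

    # No pin: a client whose clock reads 500 accepts g^s at any real time,
    # which is the T+Delta window with Delta unbounded.
    fresh = PinnedClockValidator()
    results["no_pin_skewed"] = fresh.accept(host, 500, 500, T, T_CERT)

    # Pin at 1200 from an earlier handshake with a newer key (expiry 2000).
    pinned = PinnedClockValidator()
    results["first_contact"] = pinned.accept(host, 1200, 1200, 2000, T_CERT)
    results["rollback_replay"] = pinned.accept(host, 500, 500, T, T_CERT)

    # Residual window: a pin at 900 still admits g^s until T.
    early = PinnedClockValidator()
    early.accept(host, 900, 900, T, T_CERT)
    results["pin_before_expiry"] = early.accept(host, 500, 500, T, T_CERT)
    return results
```

The pin bounds Delta by the time of the last successful contact rather than removing it, so a key that expires after the pinned time is still accepted on a rolled-back clock.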