[TLS] Re: I-D Action: draft-ietf-tls-extended-key-update-08.txt
Eric Rescorla <ekr@rtfm.com> Fri, 16 January 2026 00:33 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/3jNiaiESIwiXSvbwd7xK7oMUg2s>
Hi Paul,

This seems like it could have some unintended consequences in terms of nonorthogonality. Specifically, this extension only works with an asymmetric exchange, so if we made the change you indicate it would have the result that you could do an attestation update with an asymmetric exchange but not a hash ratchet. That might be OK, but it's a bit odd....

-Ekr

On Thu, Jan 15, 2026 at 4:24 PM Paul Wouters <paul=40nohats.ca@dmarc.ietf.org> wrote:

> On Tue, 13 Jan 2026, internet-drafts@ietf.org wrote:
>
> > To address this, this specification defines an extended key update
> > mechanism that performs a fresh Diffie-Hellman exchange within an
> > active session, thereby ensuring post-compromise security. By
> > forcing attackers to exfiltrate new key material repeatedly, this
> > approach mitigates the risks associated with static key compromise.
> > Regular renewal of session keys helps contain the impact of such
> > compromises. The extension is applicable to both TLS 1.3 and DTLS
> > 1.3.
>
> It would be useful, if we are changing KeyUpdate anyway, to also generally
> allow some other TLS Extensions to send a message here. One can think
> of attestation refreshing being one obvious use case here.
>
> Paul
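The two update styles contrasted in this thread, as an added example that is not part of the original messages or of the draft: the RFC 8446 KeyUpdate hash ratchet next to an update that mixes in a fresh Diffie-Hellman secret. The toy DH group, the `example upd` label and the extract-then-expand combiner are assumptions made for illustration and are not the draft's key schedule.

```python
import hashlib, hmac, secrets, struct

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand_label(secret, label, length=32):
    # HKDF-Expand-Label (RFC 8446 section 7.1) with an empty context;
    # one HMAC block is enough because length <= 32 with SHA-256.
    full = b"tls13 " + label
    info = struct.pack(">H", length) + bytes([len(full)]) + full + b"\x00"
    return hmac.new(secret, info + b"\x01", hashlib.sha256).digest()[:length]

def ratchet_update(traffic_secret):
    # TLS 1.3 KeyUpdate (RFC 8446 section 7.2): the next secret is a
    # deterministic function of the current one and nothing else.
    return hkdf_expand_label(traffic_secret, b"traffic upd")

# Toy finite-field DH standing in for the negotiated (EC)DHE group.
# Constructed parameters for illustration only, not secure choices.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_update(traffic_secret, my_priv, peer_pub):
    # Assumed combiner: fresh shared secret extracted under the current
    # traffic secret, then expanded with a hypothetical label.
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    return hkdf_expand_label(hkdf_extract(traffic_secret, shared), b"example upd")

def demo():
    current = secrets.token_bytes(32)   # traffic secret at generation N
    leaked = bytes(current)             # copy exfiltrated by an attacker
    # Hash ratchet: the leaked copy is enough to follow every later update.
    ratchet_match = ratchet_update(leaked) == ratchet_update(current)
    # Fresh DH: endpoints exchange new public values inside the session.
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    client_next = dh_update(current, c_priv, s_pub)
    server_next = dh_update(current, s_priv, c_pub)
    # A passive attacker holds the leaked secret and both public values,
    # but neither private value, so any exponent it picks gives a wrong key.
    guess_priv, _ = dh_keypair()
    attacker_next = dh_update(leaked, guess_priv, s_pub)
    return {"ratchet_attacker_match": ratchet_match,
            "dh_endpoints_agree": client_next == server_next,
            "dh_attacker_match": attacker_next == client_next}

if __name__ == "__main__":
    print(demo())
```
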