Re: [TLS] What would make TLS cryptographically better for TLS 1.3

Nikos Mavrogiannopoulos <nmav@gnutls.org> Fri, 01 November 2013 19:09 UTC

On 11/01/2013 12:09 AM, Nico Williams wrote:
> 
> My list:
> 
>  - It should be deployable, that's first; in particular, it needs to be
>    deployable with ECDH PFS key exchanges.

(unrelated) It would actually be nice to have a wiki for anyone to add
his wish list there.


>  - Renegotiation should be replaced with an NPN-like extension that
>    provides privacy to the TLS client principal name.

I don't think anyone can avoid renegotiation. Since the TLS packet
counters are 64-bit (and, more importantly, 48-bit in DTLS), one cannot
avoid renegotiation to reset the counters.

(Nevertheless, all the practical VPNs I've seen using TLS don't use
renegotiation; they just re-establish the session.)

regards,
Nikos
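
The counter limit discussed in this message, as an added example that is not part of the original e-mail: it parses the 13-byte DTLS 1.2 record header (RFC 6347 layout), reads the explicit 48-bit sequence number, and reports when a sender has to rehandshake or re-establish the session before the counter wraps. The sample record, the `margin` threshold and all function names are assumptions made for illustration.

```python
import struct

DTLS_HEADER_LEN = 13           # type(1) version(2) epoch(2) seq(6) length(2)
DTLS_SEQ_MAX = (1 << 48) - 1   # explicit per-epoch record counter in DTLS
TLS_SEQ_MAX = (1 << 64) - 1    # implicit per-direction record counter in TLS


def parse_dtls_header(record: bytes) -> dict:
    """Parse a DTLS 1.2 record header and return its fields."""
    if len(record) < DTLS_HEADER_LEN:
        raise ValueError("short DTLS record header")
    ctype, major, minor, epoch = struct.unpack_from("!BBBH", record, 0)
    seq = int.from_bytes(record[5:11], "big")       # 48-bit big-endian counter
    (length,) = struct.unpack_from("!H", record, 11)
    if len(record) - DTLS_HEADER_LEN < length:
        raise ValueError("truncated DTLS record body")
    return {"type": ctype, "version": (major, minor),
            "epoch": epoch, "seq": seq, "length": length}


def records_left(seq: int, seq_max: int = DTLS_SEQ_MAX) -> int:
    """Records that can still be sent under the current keys before a wrap."""
    if not 0 <= seq <= seq_max:
        raise ValueError("sequence number out of range")
    return seq_max - seq


def must_rekey(seq: int, margin: int = 1 << 20,
               seq_max: int = DTLS_SEQ_MAX) -> bool:
    """True once fewer than `margin` records remain (margin is an assumed policy).

    The counter only restarts with new keys (a new epoch in DTLS), so the
    sender must rehandshake or tear the association down before this hits 0.
    """
    return records_left(seq, seq_max) <= margin


def seconds_to_exhaustion(seq: int, records_per_second: int,
                          seq_max: int = DTLS_SEQ_MAX) -> int:
    """Whole seconds until the counter is used up at a constant send rate."""
    return records_left(seq, seq_max) // records_per_second


# Constructed sample: application_data (23), DTLS 1.2 (0xfefd), epoch 1,
# sequence number 4 records short of the 48-bit limit, 4-byte dummy body.
SAMPLE_RECORD = (bytes([23, 0xFE, 0xFD]) + struct.pack("!H", 1)
                 + (DTLS_SEQ_MAX - 4).to_bytes(6, "big")
                 + struct.pack("!H", 4) + b"\x00" * 4)
```

At one million records per second a fresh 48-bit counter lasts about 8.9 years; the 64-bit TLS counter lasts 65536 times longer.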