Re: [TLS] TLS-OBC and channel-bound cookies as a new TLS CB type (Re: TLS-OBC proposal)
Dirk Balfanz <balfanz@google.com> Thu, 08 September 2011 21:20 UTC
Return-Path: <balfanz@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id 76A7721F8B1B for <tls@ietfa.amsl.com>;
Thu, 8 Sep 2011 14:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.768
X-Spam-Level:
X-Spam-Status: No, score=-105.768 tagged_above=-999 required=5 tests=[AWL=0.208,
BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001,
RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UnV07s3ktunX for
<tls@ietfa.amsl.com>; Thu, 8 Sep 2011 14:20:48 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by
ietfa.amsl.com (Postfix) with ESMTP id 37F0721F8B23 for <tls@ietf.org>;
Thu, 8 Sep 2011 14:20:48 -0700 (PDT)
Received: from hpaq5.eem.corp.google.com (hpaq5.eem.corp.google.com
[172.25.149.5]) by smtp-out.google.com with ESMTP id p88LMcQe007414 for
<tls@ietf.org>; Thu, 8 Sep 2011 14:22:38 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta;
t=1315516958; bh=24uJhSy8B4d2+B5e4OPEO04B/4Q=;
h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type;
b=O1shf/6FZfCTNHMm04DRLbYtxeEoSwKvsaX69acC0nGALryo16YU2stDZYjpijZwc
bFdxt4DdElfSYel540RCA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns;
h=dkim-signature:mime-version:in-reply-to:references:date: message-id:subject:from:to:cc:content-type:x-system-of-record;
b=EalUqUQ2MKvjCzvVjFBbr4OXTwPXYC4thcNc8NSq2Ohc51Zc0F2CPtOi85fS7Lvz5
rWpKqe8h9a18c08TwplSQ==
Received: from qwb7 (qwb7.prod.google.com [10.241.193.71]) by
hpaq5.eem.corp.google.com with ESMTP id p88LJbTc022001 (version=TLSv1/SSLv3
cipher=RC4-SHA bits=128 verify=NOT) for <tls@ietf.org>;
Thu, 8 Sep 2011 14:22:36 -0700
Received: by qwb7 with SMTP id 7so581599qwb.33 for <tls@ietf.org>;
Thu, 08 Sep 2011 14:22:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc:content-type; bh=3CXh2nqphvjal5uIIG45I+61zRlEhXAt3sYWiGksWnc=;
b=oTBH0+gaozAOHWIuVLX4oKUc4GwHIcR0GKRxOgacRhBEWHuLoGn1wnEFDkKBTbjOu6
vJ895zcYfeRdYNHm8UhQ==
Received: by 10.229.231.149 with SMTP id jq21mr938799qcb.243.1315516954441;
Thu, 08 Sep 2011 14:22:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.231.149 with SMTP id jq21mr938794qcb.243.1315516954094;
Thu, 08 Sep 2011 14:22:34 -0700 (PDT)
Received: by 10.229.56.8 with HTTP; Thu, 8 Sep 2011 14:22:34 -0700 (PDT)
In-Reply-To: <CAK3OfOi4p9fYgODZG6mn0u3YdZb_Nzh0_dZ0fDiGJYRRjVqi7g@mail.gmail.com>
References: <CAK3OfOi4p9fYgODZG6mn0u3YdZb_Nzh0_dZ0fDiGJYRRjVqi7g@mail.gmail.com>
Date: Thu, 8 Sep 2011 14:22:34 -0700
Message-ID: <CADHfa2DB=k0R93v50vJrhugvET5bnyXe9pYEvpug+HGHSJhVoA@mail.gmail.com>
From: Dirk Balfanz <balfanz@google.com>
To: Nico Williams <nico@cryptonector.com>
Content-Type: multipart/alternative; boundary=0016e64ea93ebeaddc04ac74a8e0
X-System-Of-Record: true
Cc: tls@ietf.org
Subject: Re: [TLS] TLS-OBC and channel-bound cookies as a new TLS CB type (Re:
TLS-OBC proposal)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2011 21:20:49 -0000
On Thu, Sep 8, 2011 at 12:47 PM, Nico Williams <nico@cryptonector.com>wrote;wrote: > One way to think about what you're proposing is this: you're proposing > a new TLS session identification and resumption facility and a new > channel binding type whose CB data that are unique for each session > but the same for all connections in that session. > > The session ID here would be the client's ephemeral (private key > thrown away between sessions) self-signed cert. > > Session resumption here would come in two forms: proper TLS session > resumption, and new TLS sessions using an existing OBC. For the > latter case there'd be neither server-side state nor state cookies -- > clever! > > A digest of an OBC would be the CB data for the new CB type. > Yes, exactly! I try to say as much here: http://www.browserauth.net/channel-bound-cookies (look for my mention of RFC 5929). > > I find your idea very clever. > > The only downside is that we'd need two additional PK operations for > all full handshakes. > Well, if you define "session" as something that survives full new handshakes, I guess. I would still call it a new "session", but the same "channel", but at this time we're mincing words... > > Note that we could instead use a new TLS CB type named, say, > tls-session-unique, defined as follows: the CB data will be as for > tls-unique for a TLS session's full handshake. This would avoid the > need to negotiate the use/non-use of OBC, and it'd avoid the need to > add a pair of PK operations. But it'd also make the system more > dependent on TLS session resumption. I suspect that given a choice of > "more PK ops" vs "session resumption becomes more important" then > people will prefer the former. > > Note too that what you propose fits RFC 5056 just fine. Yes, I noticed that, too. Dirk. > We could and > should register a new CB type for OBC if OBC progresses. > > Nico > -- >
- [TLS] TLS-OBC and channel-bound cookies as a new … Nico Williams
- Re: [TLS] TLS-OBC and channel-bound cookies as a … Dirk Balfanz
- Re: [TLS] TLS-OBC and channel-bound cookies as a … Nico Williams