Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt
Nikos Mavrogiannopoulos <nmav@gnutls.org> Wed, 16 May 2012 20:01 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 767AA21F861C for <tls@ietfa.amsl.com>; Wed, 16 May 2012 13:01:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bRW8vU1g4ujB for <tls@ietfa.amsl.com>; Wed, 16 May 2012 13:01:53 -0700 (PDT)
Received: from mail-ee0-f44.google.com (mail-ee0-f44.google.com [74.125.83.44]) by ietfa.amsl.com (Postfix) with ESMTP id 99BE821F85E6 for <tls@ietf.org>; Wed, 16 May 2012 13:01:53 -0700 (PDT)
Received: by eekd4 with SMTP id d4so359553eek.31 for <tls@ietf.org>; Wed, 16 May 2012 13:01:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; bh=MwVNneylJ5RqJZUakxOl/uqZyimcqejRqDJh0lIHaFs=; b=nN5QxHb1qlI8AgMwlThyvubZLZAZ0EinmFpGfKr6SjIjvwh/bChqYVzZSVvRNeq8vC PNcxWbkzmCK5f1RZnTIOSzsk5skUZ6ND/UiG+QIcqvZmoic2wdG3LO+yJxw5VITbgZbT 1UEjddYcC4ITsIjQ9ubK6JnctWZBTlbpFOWTU4ioBPp/yftOTUil95sQ/WKqrSaSxvBO QW/e7YPE+Rz8NK7WGrV5J8cf+ahkXTIQ/Tfr0KJR/QYElidDWaJBChZLnZRvamr3Si8S jHu6UTDSXab3mALDjqeS0ww6Tk7LU7xPyu22NZKkEfup42RcyDAA7z49whaDE7EhUTKL Z4rA==
Received: by 10.213.113.8 with SMTP id y8mr1751733ebp.101.1337198512811; Wed, 16 May 2012 13:01:52 -0700 (PDT)
Received: from [10.100.2.14] (d51A49E78.access.telenet.be. [81.164.158.120]) by mx.google.com with ESMTPS id z5sm17400495eem.3.2012.05.16.13.01.51 (version=SSLv3 cipher=OTHER); Wed, 16 May 2012 13:01:52 -0700 (PDT)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4FB407AA.7050400@gnutls.org>
Date: Wed, 16 May 2012 22:01:46 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120329 Icedove/10.0.3
MIME-Version: 1.0
To: tls@ietf.org
References: <4FA401F7.5060003@extendedsubset.com> <CABcZeBP=09qyD4Nuw_i-7yM9EPzZY_sPm8jVcjTneJPknP1Lug@mail.gmail.com>
In-Reply-To: <CABcZeBP=09qyD4Nuw_i-7yM9EPzZY_sPm8jVcjTneJPknP1Lug@mail.gmail.com>
X-Enigmail-Version: 1.4.1
OpenPGP: id=96865171
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 20:01:54 -0000
On 05/16/2012 07:54 PM, Eric Rescorla wrote: > - You can fingerprint the server actively cheaply, so hiding that > information from a passive attacker doesn't buy you much. You cannot always fingerprint the server cheaply. What if the server presents different identities depending on where you connect from? In that case passive protection of the server credentials is an advantage. > - Fingerprinting the client is often possible if it does > any HTTP at all (just based on the client's HTTP headers). > Moreover, the cipher suite list is one of the most > powerful fingerprinting tools and that lives in > ClientHello, not ClientHello2. > This leaves us with SNI and the client's certificate. SNI can often be Also SRP and PSK usernames. > Finally, we have the client certificate. The idea of protecting the > client certificate has been discussed many times over the years, most > recently in Paris. However, given the extremely low use of client > certificates, the rather significant level of changes to the > protocol to protect it, and the fact that all the proposed changes > are vulnerable to active attack, these proposals seem of limited > value. Interestingly this proposal isn't vulnerable to active attacks. The client only sends its certificate, encrypted, after the server has presented a signed serverkeyexchange. If the client verifies that serverkeyexchange on reception he can be sure that the only the legitimate server knows the key to read it. In any case certificates, and usernames typically contain e-mails and that makes them a prime target for eavesdropping. Thus even protection against passive attacks is an interesting property for several use-cases. > I don't see that this draft has a significantly different cost/benefit > tradeoff. It's true that it protects more than the certificate, > but (a) it still doesn't protect against active attack (b) most > of the data it protects can be inferred by other means and (c) > it does a lot more damage to the TLS state machine in the process. I believe (a) isn't true. (c) is an unfortunate side-effect and by checking the EH protocol closely, several things could be simplified if TLS had privacy features designed in from the beginning. My opinion is that a redesign of TLS is needed to account for privacy as this draft does. I see this draft being as the first steps for TLS 1.3 which should include privacy protection by default. Dismissing it without suggesting an alternative plan seems like a step backwards for TLS and privacy. regards, Nikos
- [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Adam Langley
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Mohamad Badra
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Mohamad Badra
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Mohamad Badra
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Stephen Farrell
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Sylvester
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Sylvester
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Martin Rex
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Saint-Andre
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Sylvester
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Tom Ritter
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Adam Langley
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray