Re: [TLS] analysis of wider impact of TLS1.3 replayabe data

Andrei Popov <> Sun, 13 March 2016 19:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C3CEE12D73C for <>; Sun, 13 Mar 2016 12:04:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SD2D3FSarPbo for <>; Sun, 13 Mar 2016 12:04:15 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0D9C012D733 for <>; Sun, 13 Mar 2016 12:04:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=zMbbh8uWx4NoHaCBHOhIOkp59GoaEmqMoo1q8l3Bcwk=; b=LQPi0mqmqLU9WqgRJxM8ATDRbbBM5ARN4a3zOvtZ8FaSTBzKQP+Kk5cKgcodaTqNygs5Of5V0EbnAPPiqQJetHDPtxi5JL7FrkFiRoGPO1bJ7MjBpSwqKAgc7HDHoE7kaxzgjzoK/vOP7TFFqF0nKQIohlSAB0hk25DcqZ52w5Q=
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.1.434.16; Sun, 13 Mar 2016 19:04:13 +0000
Received: from ([]) by ([]) with mapi id 15.01.0434.016; Sun, 13 Mar 2016 19:04:13 +0000
From: Andrei Popov <>
To: Eric Rescorla <>, Yoav Nir <>
Thread-Topic: [TLS] analysis of wider impact of TLS1.3 replayabe data
Date: Sun, 13 Mar 2016 19:04:13 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
x-originating-ip: []
x-ms-office365-filtering-correlation-id: 537f24db-521d-4a78-9972-08d34b72449d
x-microsoft-exchange-diagnostics: 1; BLUPR03MB1393; 5:OpAwNlfjcx664GCvhtjjEukSXvXv2MlvNBcDq7iJ35SwZzSD+gaLd0K7+6HFalhetkzw7gu66r3tpC/qTu/hXmiBxX7R3ebA1X8RsbfgnOP3oeLKFfLWtWK+32mO/dmsKG5M71+b3iEw7PWZC0XMig==; 24:qyTKyEH94nS/cIUR7NuLEnMI2P48QO3TkDnODsmxeup664799y1ZVagjHQEAxtjs02L62JNHo1U/YSBJMqN9VCxqwM7E6YqLacADrVOGfUY=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB1393;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:BLUPR03MB1393; BCL:0; PCL:0; RULEID:; SRVR:BLUPR03MB1393;
x-forefront-prvs: 0880FB6EC1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(24454002)(377454003)(790700001)(10400500002)(586003)(122556002)(16236675004)(50986999)(3846002)(92566002)(19580395003)(6116002)(1096002)(5002640100001)(1220700001)(76176999)(106116001)(15975445007)(10290500002)(5005710100001)(5004730100002)(74316001)(77096005)(87936001)(3280700002)(66066001)(54356999)(189998001)(10090500001)(5001770100001)(2950100001)(19300405004)(11100500001)(2900100001)(2906002)(19609705001)(4326007)(102836003)(5003600100002)(86362001)(19580405001)(5008740100001)(8990500004)(81166005)(33656002)(76576001)(19625215002)(99286002)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB1393;; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BLUPR03MB1396B2F9A91C677F70FA3D358CB70BLUPR03MB1396namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Mar 2016 19:04:13.7812 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB1393
Archived-At: <>
Cc: "" <>
Subject: Re: [TLS] analysis of wider impact of TLS1.3 replayabe data
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 13 Mar 2016 19:04:18 -0000

What Stephen said about 0-RTT makes a lot of sense to me. However, if one major browser implements this latency reduction feature, the rest will feel compelled to do the same. And EKR’s message below indicates that at least one major browser will support 0-RTT.

From: TLS [] On Behalf Of Eric Rescorla
Sent: Sunday, March 13, 2016 9:21 AM
To: Yoav Nir <>
Subject: Re: [TLS] analysis of wider impact of TLS1.3 replayabe data

On Sun, Mar 13, 2016 at 3:51 PM, Yoav Nir <<>> wrote:

> On 13 Mar 2016, at 4:45 PM, Salz, Rich <<>> wrote:
>> I also think it is prudent to assume that implementers will turn on replayable
>> data even if nobody has figured out the consequences.
> I very much agree.  Customers, particularly those in the mobile field, will look at this and say "I can avoid an extra RTT?  *TURN IT ON*" without fully understanding, or perhaps even really caring about, the security implications.
Perhaps, and I think IoT devices are likely to do so as well.

Is OpenSSL going to implement this? Are all the browsers?

There are already patches in preparation for this for NSS and I expect Firefox to
implement it, as long as we have any indication that a reasonable numbers of
servers will accept it.


(only the first one is directed specifically at you, Rich…)