IETF Logo Mail Archive

Re: [TLS] Renegotiation: trying to summarize

Martin Thomson <martin.thomson@gmail.com> Fri, 20 June 2014 16:21 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B08AE1B2860 for <tls@ietfa.amsl.com>; Fri, 20 Jun 2014 09:21:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5-mbcQGYN6_T for <tls@ietfa.amsl.com>; Fri, 20 Jun 2014 09:21:40 -0700 (PDT)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D425C1B2858 for <tls@ietf.org>; Fri, 20 Jun 2014 09:21:39 -0700 (PDT)
Received: by mail-wi0-f180.google.com with SMTP id hi2so1112224wib.7 for <tls@ietf.org>; Fri, 20 Jun 2014 09:21:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=dF99EpO0aL/h94ce3NSnwV+qJ/tCwnF2O/4qLOELpeo=; b=PiUT4r4USmDIVdKcJgWes04MeWYJZ4r9ez9QFdoKu4BZ07XovetqmQ9I2eoR9/WFDI 83uNFVCzrrWa0aZpj0tbwcYdmWO+Ac9Jzg4IubnKeA/9mCx6OLqzAgzZ8HFIb2wG/mAm 1GMe50vBkJMJq2XFS+Ac8MpjsFm0zbGVjiGRdiXM13ptN4Ie9wk6DuuJpbv+Cs3bHvpy /ub6Ygy0WpOVkuXzSyWenMPwv2zlOQt9pAHJkE/aRqVrSuUGH6roy9a4ZWs6OKlxzgtT Dvf0CDUI9o+Ano3N6tDYsXdyecRQt5Auubhx9o0v6yF7oCSVYE124jB5Op/AAwvOXPpW 2gkA==
MIME-Version: 1.0
X-Received: by 10.180.19.233 with SMTP id i9mr5440559wie.38.1403281298348; Fri, 20 Jun 2014 09:21:38 -0700 (PDT)
Received: by 10.194.51.134 with HTTP; Fri, 20 Jun 2014 09:21:38 -0700 (PDT)
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C7181E9EA8A8@USMBX1.msg.corp.akamai.com>
References: <CABkgnnU+9mBdqffcbrmcghH9b3cb_Qh2R-XGWSu6MwB-0y99Lg@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7181E9EA8A8@USMBX1.msg.corp.akamai.com>
Date: Fri, 20 Jun 2014 09:21:38 -0700
Message-ID: <CABkgnnUZNG+mKBeAHfiyLw_nZf7b0fRWRV3-dHGonB-OLYk6+w@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/5R5WdDg_sVw7i81LBzD8MmPx20Q
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Renegotiation: trying to summarize
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jun 2014 16:21:41 -0000

On 19 June 2014 19:25, Salz, Rich <rsalz@akamai.com> wrote:
> I don't see how #3 "rejects that thesis."  Actually, looking at your note I would disagree with all of your characterization.  To me, #3 says that change is a problem, so explicitly start a new session if you want to change things.
>
>> Some have suggested that it be phrased in API terms as a new connection, that the application needs to request a new connection to get the handshake to happen.  In others, this is just a different spin on renegotiation, with a little dead air while everything is changed out.  In the latter case, I don't see how this is any different to retaining renegotiation.  The former seems like an optimization of #1.
>
> I was thinking that since the TCP(whatever) connecdtion was open, both client and server would already "know" who was on the other side, and if the restarted connection ended up with different identities (on either side), it could signal an error to the application.  Or, either side MAY send an alert if the identity is "unexpected" or different. Maybe that's a SHOULD or even a MUST. Also, for I'd expect that the client could now use the 0RT since it has the server's DH key.


That's detail that wasn't clear.  So the idea is that only some
properties would be effectively immutable, and that immutability is
enforced by the stack.  Identity seems like an obvious candidate for
immutability, but that would prevent the spontaneous client
authentication use case.  We'd need careful rules around what can
change, what requires an alert, and what causes the connection to
abort.

I'll note that 0RTT could reduce the amount of dead air, but not
entirely eliminate it.  Server initiated restarts (as opposed to
renegotiation) would lose time if they had to stop sending at that
point.  And for clients, we currently have a limitation with the 0RTT
handshake in that the first flight of data needs to be entirely
contained in the encrypted ClientHello extension.  You can't trickle
data out without risking an explosion from non-1.3 servers.
Obviously, you know that the server talks 1.3, so maybe we can have
different logic here to allow for regular data to flow...  You see
where I'm going?

v2.23.0 | Report a Bug | By Email