Re: [TLS] TLS 1.3 Problem?
Michael D'Errico <mike-list@pobox.com> Mon, 28 September 2020 22:32 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDC5F3A0CB7 for <tls@ietfa.amsl.com>; Mon, 28 Sep 2020 15:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pobox.com header.b=NK4b5QWI; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=UiXTCmiT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QL37Oenz3xTJ for <tls@ietfa.amsl.com>; Mon, 28 Sep 2020 15:32:57 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 586EC3A08C1 for <tls@ietf.org>; Mon, 28 Sep 2020 15:32:56 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 42B495C0112 for <tls@ietf.org>; Mon, 28 Sep 2020 18:32:56 -0400 (EDT)
Received: from imap21 ([10.202.2.71]) by compute2.internal (MEProxy); Mon, 28 Sep 2020 18:32:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pobox.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=9AjqyFZxHYz3NhksIQuTR/yr4IMCwAH mNz+dM/KLKWk=; b=NK4b5QWIuUMNyR0Eh040DY/3IDRN4md/jgAFwN0WUE0PEKv A1xi4JVVMlYxyi6kMGkNjUZCnvs/Kt4BEyKeug+1C0Yv7XzmGZOBexWulu23NA9d aodi80HZudxUTuaCy/BFa0sDQ0I0UHl5n+325HYB6Ro6PJy7h04ed2XyEIRddB1R Y+TrcPrFc7LRNu3QP5hpyiYZWFoQj7yVrqLmZdk2nuqLgCwP/XmWSS+my41PZfLA wkmkwwcWVwW3dGcRSF/QhFz0xdS9El8a/i3E7R0Qo8ce4NiGwmBlZRNonF94f7kM XS1wjprBZGNbvfJR602hdinQ5RgZbGTf7P8nQxg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=9AjqyF ZxHYz3NhksIQuTR/yr4IMCwAHmNz+dM/KLKWk=; b=UiXTCmiTOmxI+6JjSLXWkf QjwIGHojYA5NBasq1TPxkbwwwrryl9e0ySabC76HcAAJa2Ij36UkpNiTiq+PbnEv E/kue3F4+tY4uGBMPor2wn9DlOAZXrOAlUL0D7Q7W/OyiqVUTxk+ciVTM7cdKs+m 3/DlgQWm4R3OqaJgaytQ2/RGnYa1IcCPBZ8RMal/8pPuIfliy4CunExBWbfvVly4 5rCfseYNv6jcwF9mkJIOlMtZchavXqofFSxvYVRMpHeVXQ2rKs/yThaxFLy0qwPy S7Er8q5EqPL7VK98OA7OdnThse1XjEhdETxYwHwJ8+hvwX6aOBXkxpccVqbnOarg ==
X-ME-Sender: <xms:l2RyX_ZPYpdjleVy8sBja3ALsMCwq4sTP2WVpUYnzANqN1AtWITBKA> <xme:l2RyX-YrcRtgbP6EYjzcHDtnD-ispJ9tlVA5GlZAOPqqZfwM_mUvx-I61Eb87sCes frzlTZ8W148nJjKUQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdejgdduudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdfoihgthhgrvghlucffkdfgrhhrihgtohdfuceomhhikhgv qdhlihhsthesphhosghogidrtghomheqnecuggftrfgrthhtvghrnhepieejueegheelgf ehtddvueetteefuefgffdvkeehteeutdekffejtedtiefggfdtnecuvehluhhsthgvrhfu ihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhikhgvqdhlihhsthesphhosg hogidrtghomh
X-ME-Proxy: <xmx:l2RyXx-tCEBDKH02HK7_-2_iNjJj7u7Q4TOHaSEoHX1RdlCPW0HfdQ> <xmx:l2RyX1r8ss7J7A3bnd5iGr_O9V5tNnf27E0pqHtzGfhcT4NOBShvbA> <xmx:l2RyX6oSKrxv_RmcSsL6AT05SjDTdaqcDqL_I1DenzMRpSpG8-Ro3w> <xmx:mGRyX32DNHh2qpJ5JXVw_Hk1pLnyaZCuO5XSpvFamrc6hhV0vrVtZA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id BC60366006F; Mon, 28 Sep 2020 18:32:47 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-355-g3ece53b-fm-20200922.004-g3ece53b9
Mime-Version: 1.0
Message-Id: <1c7e2f31-8a9e-4bd8-9e80-ab18ebeb609f@www.fastmail.com>
In-Reply-To: <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <0c31f2d6-5f8e-2fd6-9a1a-08b7902dd135@pobox.com> <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com>
Date: Mon, 28 Sep 2020 18:32:26 -0400
From: Michael D'Errico <mike-list@pobox.com>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5VzxAZalYlXBluINkXhiYDLDk2E>
Subject: Re: [TLS] TLS 1.3 Problem?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2020 22:32:59 -0000
On Mon, Sep 28, 2020, at 11:07, Hannes Tschofenig wrote: > > Luckily, we don't have any angry cryptographers in this group. Were they all pushed away too? Anyway, back on the topic of stateless HelloRetryRequest, I don't see how this can work given that the client can make several modifications to the ClientHello which will invalidate the hash sent in the "cookie" (even if the client echos it back as required without modification). Is stateless HelloRetryRequest even being used? If so, how? Mike
- [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Ben Smyth
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Richard Barnes
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] HelloRetryRequest question (was Re: TLS… Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Hannes Tschofenig
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Watson Ladd
- Re: [TLS] TLS 1.3 Problem? Rob Sayre
- Re: [TLS] TLS 1.3 Problem? Martin Thomson
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Ben Smyth
- Re: [TLS] TLS 1.3 Problem? mrex
- Re: [TLS] TLS 1.3 Problem? Martin Thomson
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- [TLS] Is stateless HelloRetryRequest worthwhile? … Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Martin Thomson
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Nico Williams
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Hannes.Tschofenig
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Salz, Rich
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Benjamin Kaduk
- [TLS] HelloRetryRequest question (was Re: TLS 1.3… Michael D'Errico
- Re: [TLS] HelloRetryRequest question (was Re: TLS… Michael D'Errico
- Re: [TLS] HelloRetryRequest question (was Re: TLS… Benjamin Kaduk
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Rob Sayre
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Salz, Rich
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Nick Harper
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- [TLS] Client attacks on stateless HRR? (was Re: I… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Nick Lamb
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Luke Curley