[TLS] Re: [EXTERNAL] Re: Disallowing reuse of ephemeral keys

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 12 December 2024 18:10 UTC

To: Russ Housley <housley@vigilsec.com>, Joe Salowey <joe@salowey.net>
CC: IETF TLS <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6TseFnsL-oV9UNnWaN41eCEcJbo>

+1 in favor of option 1.

Cheers,

Andrei

From: Russ Housley <housley@vigilsec.com>
Sent: Thursday, December 12, 2024 9:43 AM
To: Joe Salowey <joe@salowey.net>
Cc: IETF TLS <tls@ietf.org>
Subject: [EXTERNAL] [TLS] Re: Disallowing reuse of ephemeral keys

I prefer option 1.

Russ


On Dec 12, 2024, at 12:35 PM, Joseph Salowey <joe@salowey.net> wrote:

Currently RFC 8446 (and RFC8446bis) do not forbid the reuse of ephemeral keys.  This was the consensus of the working group during the development of TLS 1.3.  There has been more recent discussion on the list to forbid reuse for ML-KEM/hybrid key exchange.  There are several possible options here:


  1.  Keep things as they are (i.e. say nothing, as was done in previous TLS versions, to forbid the reuse of ephemeral keys) - this is the default action if there is no consensus

  2.  Disallow reuse for specific ciphersuites. It doesn’t appear that there is any real difference in this matter between MLKEM/hybrids and ECDH here except that there are many more ECDH implementations (some of which may reuse a keyshare)

  3.  Update 8446 to disallow reuse of ephemeral keyshares in general. This could be done by revising RFC 8446bis or with a separate document that updates RFC 8446/bis

We would like to know if there are folks who think the reuse of keyshares is important for HTTP or non-HTTP use cases.


Thanks,


Joe, Deirdre and Sean