IETF Logo Mail Archive

Re: [TLS] Fate of resumption

Joseph Salowey <joe@salowey.net> Sun, 19 October 2014 17:07 UTC

Return-Path: <joe@salowey.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32D761A0AF8 for <tls@ietfa.amsl.com>; Sun, 19 Oct 2014 10:07:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S9mIdGxHSlZb for <tls@ietfa.amsl.com>; Sun, 19 Oct 2014 10:07:15 -0700 (PDT)
Received: from mail-qc0-f181.google.com (mail-qc0-f181.google.com [209.85.216.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1216A1A00C6 for <tls@ietf.org>; Sun, 19 Oct 2014 10:07:14 -0700 (PDT)
Received: by mail-qc0-f181.google.com with SMTP id r5so2647850qcx.40 for <tls@ietf.org>; Sun, 19 Oct 2014 10:07:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=g0RuNDSfUl5x1elgZLfx+AIz/qjgYJVNWgucXgOuL5w=; b=Q+wnZpIK8OA+eMyOpfMIZJxxCQPfT33JNpDs2M2MivQfP3GR57AL61Z99t6d8WTLtU ncyZLyeO2F5ibugd9FTTRll8PekSWPmxiXtxePwZVWfeBlE7r+8HyRGoNLOWnDRqROt1 FIBC2IvdKaX6BuowhDhk/snQURFp3BxyzEjP4DwqtcIPE71U5ygTAnqS+6AjYgc9fW4z cFaeGxsagOWciVOFEbKi3uB6rbyBXgPDrGrRKb6BJyFOMG3vxrgRqMVayqyUTWMXvtyZ 1mWvWVsjtqkvRBNterQiHB0zV6AFP1OrxPDD+Pt2UMTLXulMVZ07LyS2TpDco4lAz01P UQjw==
X-Gm-Message-State: ALoCoQkiRpjxYlspAgVQ2he+BNnZtLIynq1POIaqJJBVwlIWaLzcGwSA61TB3VMHHLE5c28MwHch
MIME-Version: 1.0
X-Received: by 10.224.137.136 with SMTP id w8mr29455924qat.18.1413738433873; Sun, 19 Oct 2014 10:07:13 -0700 (PDT)
Received: by 10.96.166.35 with HTTP; Sun, 19 Oct 2014 10:07:13 -0700 (PDT)
X-Originating-IP: [2601:8:b300:a5:61ff:e0a3:591a:c844]
In-Reply-To: <CAKC-DJhHKWPSj9pOvDOuvtteD3VtnQDHBtckEFadasJuZG5Mog@mail.gmail.com>
References: <CABcZeBP4=aXbQSFAhh4EenwRiTrv2LP=r50VeULm4f_0RR4swA@mail.gmail.com> <CAKC-DJhHKWPSj9pOvDOuvtteD3VtnQDHBtckEFadasJuZG5Mog@mail.gmail.com>
Date: Sun, 19 Oct 2014 10:07:13 -0700
Message-ID: <CAOgPGoD5GPvz2ZBzJSgycH22BBVhQx3XVkSsfzPxfk73Azyx8A@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
To: Erik Nygren <erik+ietf@nygren.org>
Content-Type: multipart/alternative; boundary="001a11c2d7ac281f910505c9a196"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6VB9B6SItFC7KKrWLDO9UQOW9xw
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fate of resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Oct 2014 17:07:18 -0000

+1

For the reasons Peter mentioned.  There are cases where the TLS handshake
is used as an authentication mechanism such as EAP-TLS and other TLS based
EAP mechanisms.  Many deployments rely heavily on session resumption (and
session tickets).  There are also many IoT type devices that support public
key based mechanisms and would benefit from session resumption.

Joe

On Sun, Oct 19, 2014 at 8:43 AM, Erik Nygren <erik+ietf@nygren.org> wrote:

> On Sat, Oct 18, 2014 at 12:16 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> I wanted to get the discussion going on whether we need resumption [0] or
>> not
>> for TLS 1.3. This may be a quick discussion as I suspect the answer is
>> yes, but I figure we should decide it rather than just assuming it.
>>
>
> +1 for leaving in resumption for TLS 1.3, for the reasons mentioned.
>
> Resumption is another part of the "istlsfastyet" story that helps in
> selling
> people on making TLS more ubiquitous, both from a performance
> and cost perspective.  Dropping it at this point might harm adoption
> of both TLS 1.3 as well as momentum towards TLS in general.
>
> (Some of the other discussions on this topic focused on best
> practices around session ticket key management.  If resumption
> is going to stick around, then ideally there should be a BCP or similar
> on sane implementation practices that do as little harm to forward secrecy
> as possible.)
>
> One other thing we may wish to consider is the relative safety
> and complexity and interactions of 0RTT vs Resumption for various
> scenarios,
> such as against replay attacks (when nonces are available and
> when they aren't available).
>
>        Erik
>
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>

v2.23.0 | Report a Bug | By Email