Re: [TLS] DTLS 1.3 rekeying and the use of epoch values
Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 09 July 2016 16:05 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A007512D56C for <tls@ietfa.amsl.com>; Sat, 9 Jul 2016 09:05:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4mhLIT2CpAq5 for <tls@ietfa.amsl.com>; Sat, 9 Jul 2016 09:05:48 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) by ietfa.amsl.com (Postfix) with ESMTP id 70FA812D1A1 for <tls@ietf.org>; Sat, 9 Jul 2016 09:05:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id BCB79899; Sat, 9 Jul 2016 19:05:46 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id CxM3_IUfYycg; Sat, 9 Jul 2016 19:05:46 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-177-32.bb.dnainternet.fi [87.100.177.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 8CD642315; Sat, 9 Jul 2016 19:05:46 +0300 (EEST)
Date: Sat, 09 Jul 2016 19:05:43 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <20160709160543.GA21163@LK-Perkele-V2.elisa-laajakaista.fi>
References: <577FB6EA.4070101@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <577FB6EA.4070101@gmx.net>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6if9TaNT3eadL9_BNoDnRsKHI9Q>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] DTLS 1.3 rekeying and the use of epoch values
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jul 2016 16:05:51 -0000
On Fri, Jul 08, 2016 at 04:21:30PM +0200, Hannes Tschofenig wrote: > Hi all, > > based on the feedback from Ilari this week I have drafted initial text > that talks about rekeying and the use of the epoch value. One maybe workable scheme that occurs to me is: Outside special epoches reserved for TLS handshaking itself (the first 4?), Both sides send using the highest epoch they have seen successful deprotection for or one bigger (both sides start at 4 at end of handshake). That would severly limit the frequency of rekeyings in fully asynchronous usage tho (but fully asynchronous usage of UDP or anything similar is probably a Bad Idea). Also, the epoch use window would be sufficiently small to allow epoch number on wire to wrap around (obviously the actual epoch number would not wrap. That is, peer that has seen epoch 65535 (0xFFFF) from peer can send at epoch 65536 (0x0000), which then can be bumped to 65537 (0x0001). -Ilari
- Re: [TLS] DTLS 1.3 rekeying and the use of epoch … Ilari Liusvaara
- [TLS] DTLS 1.3 rekeying and the use of epoch valu… Hannes Tschofenig