IETF Logo Mail Archive

Re: [TLS] Connection ID Draft

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 22 October 2017 15:50 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2232E1399C6 for <tls@ietfa.amsl.com>; Sun, 22 Oct 2017 08:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jLEe_yczv4FE for <tls@ietfa.amsl.com>; Sun, 22 Oct 2017 08:50:18 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 413DC1399C7 for <tls@ietf.org>; Sun, 22 Oct 2017 08:50:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 08C4ABE7B; Sun, 22 Oct 2017 16:50:16 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4YyxWuZtdyi; Sun, 22 Oct 2017 16:50:14 +0100 (IST)
Received: from [10.244.2.100] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 99F99BE6F; Sun, 22 Oct 2017 16:50:14 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1508687414; bh=v1LRRMeWl9IYJkR/CVkFTvXe7i9KXJ6TbCTEPIH6k4s=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=J3+7CNe5EHSZY6x8Ws9b0RAjPO9/H7373LsryioWv3mZosBfIejALe5I01UjTJK7D HGAD+/RpQ0sbMr6PVRAHRMMM7b0d0PBdiBCzFlJcLuZ+seY6W5TZlRINlC/yUq15Cn 14Z0y9vELp9ZBygULpfQ1iMYUSHnGnsbkUG0jtxs=
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com> <574d133f-0531-2206-c7d3-825ebaffacdd@cs.tcd.ie> <CABcZeBM_xUadFDnAK-FLGjqciDOLGoePv8xhSFkmBYS5nooXxQ@mail.gmail.com> <765bb5b0-2129-9ea8-2c51-b6b4163748e8@cs.tcd.ie> <CABcZeBNbt-ZB=8jsp=pKkDfS9qKOogfmjeAieN6KC9KBNkWnrg@mail.gmail.com> <016ec9b6-d59e-531a-0930-9f355edb34be@cs.tcd.ie> <CABcZeBP_a_tLkMz87CBNzsv7LCpPCHYMTk2asN8hHHtgN1ZRFQ@mail.gmail.com> <f8e1f136-014c-6471-c5f2-bff31cc54723@cs.tcd.ie> <CABcZeBOKydO+g-73eB-pqGXKgiD9XYjP3JTQGjy1GwphWenPFg@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <d5849014-8bea-2ad0-0f2d-b477e269d80a@cs.tcd.ie>
Date: Sun, 22 Oct 2017 16:50:13 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOKydO+g-73eB-pqGXKgiD9XYjP3JTQGjy1GwphWenPFg@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="4uaxBLOr2H8LNcKV2OReqMxBwDgIr1v1n"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6oXgeI9F5Qa7mOUVLQvupA0F_CI>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Oct 2017 15:50:20 -0000


On 22/10/17 16:41, Eric Rescorla wrote:
> 
>> Maybe the thing we could agree at this stage is that the cid scheme
>> has to be usable in that one-message-per-day scenario and needs to
>> provide some way that such messages aren't easily linkable based on
>> cids.
> 
> I think that's a requirement in some cases but not others. It might be
> best to settle for the others.

Sorry, I'm not sure what you mean there. Are you saying that you think
the above requirement can't be met by a generally usable scheme?

I agree that not all scenarios need to meet the req posited above.

I'd worry that if DTLS1.3 can't meet the above requirement then folks
will invent something that does, which may be worse than using DTLS
in a bunch of cases. OTOH, one could equally, and maybe fairly, argue
that DTLS really doesn't scale down quite that far, which'd I guess
argue that there's a need for some other security protocol for those
situations.

S.

PS: I fully accept your point that purely napkin-based schemes aren't
good enough and if those're the only kind of hash-chain based proposals
seen, then the WG oughtn't go for one of those.

v2.23.0 | Report a Bug | By Email