Re: [TLS] Unifying tickets and sessions

Manuel Pégourié-Gonnard <mpg@polarssl.org> Thu, 23 October 2014 14:26 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/7MK5lYIDpqlNSUCnmmzaVn6eaN4

On 23/10/2014 16:03, Hubert Kario wrote:
> On Thursday 23 October 2014 01:22:27 Manuel Pégourié-Gonnard wrote:
>> E.g., if a server is only going to negotiate 128-bit suites because it thinks
>> it's enough and doesn't want to waste cycles on more than that, then
>> encrypting the tickets with a 128-bit key is fine. If it is prepared to
>> negotiate a 256-bit suite with some clients, it should encrypt the tickets
>> with a 256-bit key.
> 
> While it may negotiate AES-256 (because it wants to interoperate with clients
> that are configured not to present weaker ciphers), doesn't mean that it as
> a whole is configured to the 256 bit level of security.
> 
> With TLS1.2 it may sign the (EC)DHE parameters using SHA-1, it may use RSA key
> exchange using only 2048 bit keys, it may be just a local proxy server that is
> hard coded to connect using AES-128 with the backend servers over open
> Internet.
> 
Yes, good points.

> Yes, server should encrypt the tickets with as strong algorithm as its most 
> secure cipher, but there are many situations where it's not necessary. "MUST" 
> is certainly not applicable.
> 
I agree, and I'm not advocating for a MUST.

Manuel.