Re: [TLS] Call for consensus: Removing 0-RTT client auth

Eric Rescorla <ekr@rtfm.com> Thu, 31 March 2016 17:14 UTC

In-Reply-To: <56FD5978.3040401@akamai.com>
References: <AABACDA8-6A12-4023-A971-1254CED4893F@sn3rd.com> <56FD154D.1030300@gmx.net> <CAH9QtQGBrvbPp4V8SMwK1WuUQpJKMo-1z8bs6rCO_d-w0JJE8A@mail.gmail.com> <56FD5978.3040401@akamai.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 31 Mar 2016 10:13:59 -0700
Message-ID: <CABcZeBM62eZfZX_yyBbur82ru4y8COzp4s2rurSw6E-XJYeiMg@mail.gmail.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8dI0zBdo4UTEW6C9NEubIUQtKAU>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Call for consensus: Removing 0-RTT client auth

On Thu, Mar 31, 2016 at 10:08 AM, Benjamin Kaduk <bkaduk@akamai.com> wrote:

> On 03/31/2016 12:02 PM, Bill Cox wrote:
>
> On Thu, Mar 31, 2016 at 5:17 AM, Hannes Tschofenig
> <hannes.tschofenig@gmx.net> wrote:
>
>> Hi Sean,
>>
>> we at ARM would find it somewhat unfortunate to remove the client
>> authentication feature from the 0-RTT exchange since this is one of the
>> features that could speed up the exchange quite significantly and would
>> make a big difference compared to TLS 1.2.
>>
>
> Client certs can still be used with PSK 0-RTT, but only on the initial
> 1-RTT handshake.  It is up to the client to ensure that the security of the
> resumption master secret (RMS) is solid enough to warrant doing 0-RTT
> session resumption without re-verification of the client cert.
>
>
> That seems to rule out most corporate uses of client certs [for 0-RTT
> client authentication], since I doubt anyone will be interested in trusting
> that the client does so properly.
>

Do those servers generally carry over client auth through resumption?

-Ekr


>
> -Ben
>
> The simplest way to explain how the server should work in this case is to
> just say you need to emulate a session cache.
>