Re: [TLS] 0.5 RTT
stephen.farrell@cs.tcd.ie Wed, 24 February 2016 03:36 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 728FD1B2DA0 for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 19:36:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.307
X-Spam-Level:
X-Spam-Status: No, score=-4.307 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.006, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0UT4lgNXTofa for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 19:36:23 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E84FD1B3964 for <tls@ietf.org>; Tue, 23 Feb 2016 19:36:22 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B03B9BE4D; Wed, 24 Feb 2016 03:36:18 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-WnO0-2LwA1; Wed, 24 Feb 2016 03:36:14 +0000 (GMT)
Received: from [127.0.0.1] (unknown [216.9.109.44]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 79EA5BE29; Wed, 24 Feb 2016 03:36:13 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1456284974; bh=KfYYNyMS3XC7XdMmGARy9yjnPb8ZCmjmmCSdRLA6s5c=; h=To:Cc:From:Subject:In-Reply-To:References:Date:From; b=qPWELI/hZqtNkNpZH/7ogt8OuBfK5FUnlBNdZbAU31mAMlxjNraEfqv90Kb5a2xPv ChTA6L/2sR+3S4fAVuh6KDzbT2iARJy4cNJ4kIBxD/apoxlKW49x7QXKXJDsRqnHV9 Mg/dQ3ONkrQFMcydQC/EMlRXTFOh0qWxo2myux+M=
X-Priority: 3
To: watsonbladd@gmail.com
From: stephen.farrell@cs.tcd.ie
In-Reply-To: <CACsn0c=h+uKiKJqshikwKZ96O7ncaUDLf07_EN3Mspv8Fd-BhQ@mail.gmail.com>
References: <CABkgnnW1LRhSA_i0nL=rDYnUwBZWg5dSys7yk6aDefYWptnpZQ@mail.gmail.com> <8FA1A0FD-B911-474F-AC08-6208A80EB980@gmail.com> <CADi0yUPOEL++R+_Nhy4NTfhzsA6UjbVbMAEiPx1Qg9+vPPHt7g@mail.gmail.com> <CABkgnnUHmtrRNnOyVXdOe-fnAcN7WVKfX=ycXiugV8A77OjQCQ@mail.gmail.com> <15C73D91-9CDD-488E-87AF-4EBB1C8202CB@gmail.com> <CABkgnnVxrpkMqdmV_JkMaEY39BZ=O07xeWcpod2fwRb3W4_sQA@mail.gmail.com> <CADi0yUN5b+CfzM-jH5xNL0dgU2u09OzmcUzV3uOwdEmP3wBr5A@mail.gmail.com> <56CD0C1C.9010501@cs.tcd.ie> <CACsn0c=h+uKiKJqshikwKZ96O7ncaUDLf07_EN3Mspv8Fd-BhQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Date: Wed, 24 Feb 2016 03:36:03 +0000
Message-ID: <g0hfq8.o318o8.2rxclj-qmf@mercury.scss.tcd.ie>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8nE8DHHIxMGCY-ChkNBudJsJols>
Cc: karthik.bhargavan@gmail.com, tls@ietf.org
Subject: Re: [TLS] 0.5 RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2016 03:36:25 -0000
On Tue Feb 23 19:28:12 2016 GMT-0800, Watson Ladd wrote: > On Tue, Feb 23, 2016 at 5:49 PM, Stephen Farrell > <stephen.farrell@cs.tcd.ie> wrote: > > > > > > On 23/02/16 22:37, Hugo Krawczyk wrote: > >> > >> (In particular, if these semantics may be based on stuff that happens > >> outside TLS, as Karthik and Watson were pointing out, then maybe we really > >> put a "Surgeon General" warning on 0.5 data of equal size to that of 0-RTT.) > > > > That, and/or also do a significant amount of work to consider other > > application uses of TLS that aren't well represented by folks who > > participate in the development of TLS1.3. And also oddities like > > EAP-TLS about which I at least am mostly ignorant but where I'd bet > > there's "fun" to be had with 0rtt. > > Applications shouldn't use 0RTT unless they are absolutely, > positively, sure it won't be a problem. It's up to them to determine > what the danger is, and up to us to explain what the (minimal) > properties provided are. If they rely on extensions then either those > extensions need to be included in the security proofs, or we need to > make clear that they are not as secure as TLS 1.3, and that > implementations which enable both of them can get completely wrecked > in new and exciting ways. > > > > > And we have to do that recognising that regardless of what the RFC > > says, if developers can improve performance by calling tls_send0() > > and not tls_send(), they will do the former. IOW, if we are going > > to define dangerous implements, (e.g., with replayable data) then > > I think the onus is mostly on us to know what bad effects those > > might have before we've done a good job. (We can try do that at > > IETF LC, but doing so isn't common and is often messy if we end up > > surprising folks.) > > But will they call tls_send_data_replayable? or > tls_send_data_dangerously? Sadly, yes, they will, I think. Evidence welcome though. It is a big and imperfect world. S. > API designers need to mark dangerous > functions accordingly. (They also need to make APIs easy to use: yes, > I am blaming the OpenSSL developers for their repeated and continued > failures to do this) > > > > > Cheers, > > S. > > > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > > > > -- > "Man is born free, but everywhere he is in chains". > --Rousseau. >
- [TLS] 0.5 RTT Martin Thomson
- Re: [TLS] 0.5 RTT Karthikeyan Bhargavan
- Re: [TLS] 0.5 RTT Hugo Krawczyk
- Re: [TLS] 0.5 RTT Martin Thomson
- Re: [TLS] 0.5 RTT Karthikeyan Bhargavan
- Re: [TLS] 0.5 RTT Karthikeyan Bhargavan
- Re: [TLS] 0.5 RTT Martin Thomson
- Re: [TLS] 0.5 RTT Hugo Krawczyk
- Re: [TLS] 0.5 RTT Watson Ladd
- Re: [TLS] 0.5 RTT Karthikeyan Bhargavan
- Re: [TLS] 0.5 RTT Martin Thomson
- Re: [TLS] 0.5 RTT Hugo Krawczyk
- Re: [TLS] 0.5 RTT Martin Thomson
- Re: [TLS] 0.5 RTT Stephen Farrell
- Re: [TLS] 0.5 RTT Watson Ladd
- Re: [TLS] 0.5 RTT stephen.farrell
- Re: [TLS] 0.5 RTT Hugo Krawczyk
- Re: [TLS] 0.5 RTT Martin Rex
- Re: [TLS] 0.5 RTT Martin Rex
- Re: [TLS] 0.5 RTT Antoine Delignat-Lavaud
- Re: [TLS] 0.5 RTT Hugo Krawczyk
- Re: [TLS] 0.5 RTT Eric Rescorla
- Re: [TLS] 0.5 RTT Watson Ladd
- Re: [TLS] 0.5 RTT Hugo Krawczyk