Re: [TLS] Security review of TLS1.3 0-RTT

Watson Ladd <watsonbladd@gmail.com> Thu, 04 May 2017 01:11 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 03 May 2017 18:11:36 -0700
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Colm MacCárthaigh <colm@allcosts.net>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/939QRdWDSwDr6EaZB9EGLoUUNqY>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Wed, May 3, 2017 at 3:56 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 3 May 2017 at 22:45, Colm MacCárthaigh <colm@allcosts.net> wrote:
>> This is easy to say; the TLS layer is the right place. It is not practical
>> for applications to defend themselves, especially from timing attacks.
>
> If you care about these attacks as much as it appears, then you can't
> reasonably take this position.  We've historically done a lot to
> secure applications at a single point, and we're almost at the end of
> what we can reasonably do for them at this layer.  We need to think
> more holistically and acknowledge that applications need to take some
> responsibility for their own security.

Historically TLS protected against replay attacks. Now it doesn't. An
application that relies on this property which TLS used to guarantee
is now broken. Clearly we could have provided it, we just chose not
to.

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.