Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt

Patrick Pelletier <code@funwithsoftware.org> Mon, 09 September 2013 21:22 UTC

Return-Path: <code@funwithsoftware.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A70D11E8116 for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 14:22:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.299
X-Spam-Level:
X-Spam-Status: No, score=-1.299 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LQ52+aGnIjbJ for <tls@ietfa.amsl.com>; Mon, 9 Sep 2013 14:22:52 -0700 (PDT)
Received: from asbnvacz-mailrelay01.megapath.net (asbnvacz-mailrelay01.megapath.net [207.145.128.243]) by ietfa.amsl.com (Postfix) with ESMTP id 49DEC21F9F86 for <tls@ietf.org>; Mon, 9 Sep 2013 14:22:51 -0700 (PDT)
Received: from mail5.sea5.speakeasy.net (mail5.sea5.speakeasy.net [69.17.117.49]) by asbnvacz-mailrelay01.megapath.net (Postfix) with ESMTP id 542C81EE4FB3 for <tls@ietf.org>; Mon, 9 Sep 2013 17:22:50 -0400 (EDT)
Received: (qmail 16857 invoked from network); 9 Sep 2013 21:22:49 -0000
Received: by simscan 1.4.0 ppid: 915, pid: 21124, t: 1.2408s scanners: clamav: 0.88.2/m:52/d:10739 spam: 3.0.4
Received: from dsl017-096-185.lax1.dsl.speakeasy.net (HELO PatrickMBP.local) (ppelleti@[69.17.96.185]) (envelope-sender <code@funwithsoftware.org>) by mail5.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for <stephen.farrell@cs.tcd.ie>; 9 Sep 2013 21:22:48 -0000
Message-ID: <522E3C27.8090001@funwithsoftware.org>
Date: Mon, 09 Sep 2013 14:22:47 -0700
From: Patrick Pelletier <code@funwithsoftware.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20121026 Thunderbird/16.0.2
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <20130907224638.32356.96972.idtracker@ietfa.amsl.com> <522C3497.9020301@gmail.com> <522DE4D2.4020403@cs.tcd.ie>
In-Reply-To: <522DE4D2.4020403@cs.tcd.ie>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-bcp-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 21:22:57 -0000

On 9/9/13 8:10 AM, Stephen Farrell wrote:

> Some text related to a number of the above points can be
> found via the links in a mail that Patrick Pelletier [1]
> sent to the perpass list.
>
> [1] http://www.ietf.org/mail-archive/web/perpass/current/msg00062.html

Besides those links, another link worth reading is this one:

https://www.imperialviolet.org/2013/06/27/botchingpfs.html

I think it would be good to cover the risks of session resumption and 
how to mitigate them.  (e. g. rotating the keys used for session tickets)

--Patrick