Re: [TLS] New draft: draft-rescorla-tls13-new-flows-01

Martin Thomson <martin.thomson@gmail.com> Wed, 19 February 2014 22:24 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/9RXdIx33YE5FOhQqVwekPcRiO-g
Cc: "tls@ietf.org" <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

You could put half of the first round trip in DNS, but that's a fairly
major change to the protocol.  Note however that the ServerParameters
described in the draft is something that could be discovered through
other channels, definitely.  No one is checking where
PredictedParameters came from, just that it is correct.

On 19 February 2014 14:10, Kurt Roeckx <kurt@roeckx.be> wrote:
> The only reason I can find in your document is to prevent replay,
> but I currently don't see how this is a problem.

If I had any reason to believe that your first flight included
non-idempotent HTTP requests of interest to me (e.g., transfer $X to
account Y) then replay protection is extremely interesting.

> I'd also like to point out that you might be leaking the site
> you're connecting to via DNS.

There's already been a fair amount of discussion on why some people
are interested in protecting SNI, and that point was addressed there.
I'll point out that confidentiality protection for DNS queries is
being discussed.
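
Added example, not part of the original message or of draft-rescorla-tls13-new-flows: a toy model of the replay concern raised above, where an authenticated first-flight record carrying a non-idempotent request is delivered twice. The record layout, the shared `KEY`, the `/transfer` request and the single-use nonce cache are all assumptions made for illustration; the nonce cache is one generic anti-replay approach, not the mechanism the draft defines.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # assumption: stands in for keys both sides already share


def seal(request: bytes, nonce: bytes) -> bytes:
    """Client side: bind the request to a fresh 16-byte nonce with a MAC (encryption omitted)."""
    tag = hmac.new(KEY, nonce + request, hashlib.sha256).digest()
    return nonce + tag + request


class Server:
    def __init__(self, replay_protection: bool):
        self.replay_protection = replay_protection
        self.seen_nonces = set()  # unbounded here; a deployed cache needs a time window
        self.balance = 100

    def handle_first_flight(self, record: bytes) -> str:
        nonce, tag, request = record[:16], record[16:48], record[48:]
        expected = hmac.new(KEY, nonce + request, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad MAC"
        # Integrity alone does not stop a verbatim copy: the MAC is still valid.
        if self.replay_protection:
            if nonce in self.seen_nonces:
                return "rejected: replay"
            self.seen_nonces.add(nonce)
        method, _, rest = request.partition(b" ")
        if method == b"POST" and rest.startswith(b"/transfer?amount="):
            self.balance -= int(rest.split(b"=", 1)[1])  # the non-idempotent side effect
        return "ok"


def demo(replay_protection: bool) -> tuple:
    server = Server(replay_protection)
    record = seal(b"POST /transfer?amount=10", os.urandom(16))  # constructed request
    first = server.handle_first_flight(record)
    second = server.handle_first_flight(record)  # same bytes delivered a second time
    return first, second, server.balance


if __name__ == "__main__":
    print("without replay protection:", demo(False))
    print("with replay protection:   ", demo(True))
```

Without the nonce cache the duplicate record passes the MAC check and the transfer is applied twice; with it the second delivery is refused and the balance changes once.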