IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-session-hash-04 and session resumption

David Benjamin <davidben@google.com> Wed, 15 April 2015 13:32 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 575391B3495 for <tls@ietfa.amsl.com>; Wed, 15 Apr 2015 06:32:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vcBwSPikcO9u for <tls@ietfa.amsl.com>; Wed, 15 Apr 2015 06:31:59 -0700 (PDT)
Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F9581A90B4 for <tls@ietf.org>; Wed, 15 Apr 2015 06:31:59 -0700 (PDT)
Received: by oign205 with SMTP id n205so21966174oig.2 for <tls@ietf.org>; Wed, 15 Apr 2015 06:31:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=kWVRe82ncg6vBIGvKdehrnd9eKdrASSAITapnch0F3U=; b=Cf2/x23f4QG9u1yWaXV3ijHv08ni2aJs922kgBO3VsPsIKtrJ7tjolK7hwAgvh8hc3 BMkuislZkGXbiXyGsyz08xEW3dU72Av9LAPR41omp9DqcMrtOxpsZIIrR7FiNGoeWuyB G4Tx5cIzjrqlXoliOZnqjJSd01M69B/62FDEKOKW7XXgrcWMm441GCm/YNXY+znfkFGj Z60k4Lzz179zT8APfiqxeo0W+i+3lgWn4OSI6i/OA+Y8feRTnjoL7MgyGpFNNlYI9XHm stPoDo/hi8vMqhSVnQXvpYNfZVWlXxwto2u7OwjryHXs2UG4cpMq03ZQyCTtfmoQwgoO 1XLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=kWVRe82ncg6vBIGvKdehrnd9eKdrASSAITapnch0F3U=; b=Xvs2+AwnefMhyMsbMSygxpCQO8WBR5ek/Spa4Fhqqn4LZ0WQX04itaJOm953Zpvouj CiApaHPc7zsVny27PW5KdHXqizxyAyLd0tV3m6tvdE9OC5tWoamcTGx/v9UWBe3SREI0 7EY8iVbqVlHVZMUBGbXobAWn5QY7Vz+L82ePUrzPHBQqC9WCQrDXaD2M1qanRgwuTjwk b99NX7i2e0RZyr69Q4VGiBVw7TglQPi6Vl/Af1GhGwdRDbmt9yki+0ZiKdaYqHMa8+TP LnARUs2/HO6wDh/tsp3uRuWLp5lOPhw8xP6uzgZmDssB04tkSiF+u4ZJkI1zEV0u+bsd Q7PA==
X-Gm-Message-State: ALoCoQksG5oq8iI4eWw2U4ALGmVhEDpDgM6tvBX+npgOogQpKBwtxPRbb0DJwqZ7e7nalsRPNZgQ
X-Received: by 10.107.3.199 with SMTP id e68mr31701739ioi.92.1429104691902; Wed, 15 Apr 2015 06:31:31 -0700 (PDT)
MIME-Version: 1.0
References: <20150415015313.357751B28A@ld9781.wdf.sap.corp> <53BB8A96-8CFE-4275-9562-336D60B567B3@gmail.com> <56BA5F9C-E1CE-402F-831C-0D3AF3D336AE@gmail.com>
In-Reply-To: <56BA5F9C-E1CE-402F-831C-0D3AF3D336AE@gmail.com>
From: David Benjamin <davidben@google.com>
Date: Wed, 15 Apr 2015 13:31:31 +0000
Message-ID: <CAF8qwaD0Moy4L0zHLW685sMQayyvCxMiok6UOHncjyhr7VryMQ@mail.gmail.com>
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Content-Type: multipart/alternative; boundary="001a113ed422821e5a0513c35d61"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/9xs1HtkBQRPFN4QpvYrNqKKZkxE>
X-Mailman-Approved-At: Wed, 15 Apr 2015 07:54:05 -0700
Cc: "tls@ietf.org" <tls@ietf.org>, Bill Cox <waywardgeek@google.com>
Subject: Re: [TLS] draft-ietf-tls-session-hash-04 and session resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 13:32:01 -0000

Personally, I dislike unnecessary wiggle room in specs and mildly prefer
MUST. I don't see a good reason to abort rather than do a full handshake.
It'd be nice to have the confidence that (non-buggy) servers won't cause
problems here and take a shortcut. (E.g., I can see aborting being simpler
in OpenSSL since it parses most extensions after session resumption is
resolved. The ticket is handled special.)

Then again, one might read MUST to imply the server is obligated to perform
a full handshake and isn't allowed to abort for other reasons, which would
be poor.

On Wed, Apr 15, 2015 at 3:38 AM Karthikeyan Bhargavan <
karthik.bhargavan@gmail.com> wrote:

> I guess my question is whether “SHOULD perform a full handshake” is strong
> enough,
> leaving the server the option of aborting the handshake, or is MUST
> preferable
> as a clearer indication to implementers?
>
>
> On 15 Apr 2015, at 08:15, Karthikeyan Bhargavan <
> karthik.bhargavan@gmail.com> wrote:
>
> > I like Martin’s text, and have edited it to the following:
> >
> >    If the original session did not use an extended master secret but
> >    the new ClientHello does contain the "extended_master_secret"
> >    extension, the server MUST NOT continue the abbreviated handshake.
> >    Instead, it SHOULD perform a full handshake to negotiate a new
> session.
> >
> > If this looks acceptable, I’ll put out a new version of the draft today.
> >
> > -K.
> >
> > On 15 Apr 2015, at 03:53, Martin Rex <mrex@sap.com> wrote:
> >
> >> Karthikeyan Bhargavan wrote:
> >>> How about the following:
> >>>     If the original session did not use an extended master secret but
> >>>     the new ClientHello does contain the "extended_master_secret"
> >>>     extension, the server MUST fall back to a full handshake by
> >>>     sending a ServerHello that rejects session resumption and offers a
> >>>     new session.
> >>
> >> Too complicated for my taste.  I do not see a need for words like
> >> fallback and reject, and these actually do not exist in the TLS
> protocol.
> >>
> >>
> >>    If the original session did not use an extended master secret but
> >>    the new ClientHello does contain the "extended_master_secret"
> >>    extension, the server MUST perform a full handshake to negotiate
> >>    a new session (i.e. the server MUST NOT perform an abbreviated
> >>    handshake aka session resume).
> >>
> >>
> >> -Martin
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.31.3 | Report a Bug | By Email | System Status