Re: [TLS] Remove DH-based 0-RTT
Dave Garrett <davemgarrett@gmail.com> Wed, 24 February 2016 01:57 UTC
Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7847E1B4170 for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 17:57:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ilyi5Ff_jmh8 for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 17:57:21 -0800 (PST)
Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E2D01B416C for <tls@ietf.org>; Tue, 23 Feb 2016 17:57:21 -0800 (PST)
Received: by mail-yw0-x22c.google.com with SMTP id e63so3891742ywc.3 for <tls@ietf.org>; Tue, 23 Feb 2016 17:57:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=mKz9kkpbU+lIVyGBTDbvhHkpZrRR7j6bzH8IKISzbYY=; b=xsZ4qNh9IMFlY/nCQLfFWjskdjsE7a1PW/XNkppoSRRUXsaxuqSDPugAiAiB5sGhP4 vaXwrpHajbIuJeQeqx6KVsNoa88FpW6sz+0FtjdcqLHozjZt4yzbYdGk2d9+qRH4KFVW hPp28TCXJn3lFh2tI2skTHtuTulTFsNodwk48p1AvY7cKSH8KA7Vox9Qum7RUGzNJCOo PeN76ZvCOD8gfxzyBP0subgHaaiKSUwVfJLzIO5iijEXREP8O70QCzscl8vCthgG+Vqu jDicl5pe2vJCf4A66+vgNaVixdgUS4COw8SdqTch/QBKz7HAvlabExAfYzUKldj0TZXK Tg9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=mKz9kkpbU+lIVyGBTDbvhHkpZrRR7j6bzH8IKISzbYY=; b=Osrqze5KTjIhJ9Athd/6GYi9nz2Rk611pCDzEqIk5uBfjmrIqzQB8tIFpPIPeg6XNV lfxd887d86zWHiOYAiIa78ofyREERjr6eao8IlBsNv7kt2n3d1Drzby5oue2hRiNPN4H M8hO949wqEr4OjQlrAEzuBrzFV5/tRETRhOZNyrk16/cDgF3mb/5m2ghuk/JZMV23Srr vmu9pDB/c47bR/iz6qTiJSurWCyGxwUg85D6oYsJ57SnldPU8R3agpysRU98MevCmui/ BAHsiYYFPNKB22n5B3LF40x8TeI4z1JYGb9hZAljDw5v7gtay1y5h1AkHH9dgbK6BSUr 5RLA==
X-Gm-Message-State: AG10YOQZyAOnSscj0cqM2yfYtXKEWKC7bZGnnD1ArvkBHvZ31DdfGAHTrvGOXG1wRE5LSA==
X-Received: by 10.13.192.130 with SMTP id b124mr20236974ywd.218.1456279040603; Tue, 23 Feb 2016 17:57:20 -0800 (PST)
Received: from dave-laptop.localnet (pool-71-175-20-227.phlapa.fios.verizon.net. [71.175.20.227]) by smtp.gmail.com with ESMTPSA id m188sm564481ywe.46.2016.02.23.17.57.19 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 23 Feb 2016 17:57:19 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Tue, 23 Feb 2016 20:57:18 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CABkgnnUUXQh=aStz4DuPtw5mWaF7aDFozuUwQp_QbJ2EGL0eHg@mail.gmail.com>
In-Reply-To: <CABkgnnUUXQh=aStz4DuPtw5mWaF7aDFozuUwQp_QbJ2EGL0eHg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201602232057.18505.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ADQ6-jlLH8EifV6A3hCBqJEuS0o>
Subject: Re: [TLS] Remove DH-based 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2016 01:57:22 -0000
On Tuesday, February 23, 2016 02:03:53 pm Martin Thomson wrote: > I propose that we remove DH-based 0-RTT from TLS 1.3. > > As ekr's previous mail noted, the security properties of PSK-based > 0-RTT and DH-based 0-RTT are almost identical. And DH-based 0-RTT is > much more complex. > > For those who love DH-based 0-RTT, and I know that some people are > fans, here's something that might make you less sad about removing it > from the core spec. You can use DH out of band to negotiate a PSK. > You might even do this as an extension to TLS, but that's of less > value. I think there is a good argument for moving DH 0RTT into a TLS extension. Implementations that are explicitly not going to use it should not be expected to implement it and risk screwing it up. If we accept that premise that online DH 0RTT will be unlikely in practice, then we would be specifying it at least primarily for out-of-band use, and doing it via an extension will probably be cleaner and safer. I would still prefer it be defined in the TLS 1.3 specification document, though optional. Dave
- [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Wan-Teh Chang
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Andrei Popov
- Re: [TLS] Remove DH-based 0-RTT Dave Garrett
- Re: [TLS] Remove DH-based 0-RTT Bill Cox
- Re: [TLS] Remove DH-based 0-RTT Hugo Krawczyk
- Re: [TLS] Remove DH-based 0-RTT Watson Ladd
- Re: [TLS] Remove DH-based 0-RTT Eric Rescorla
- Re: [TLS] Remove DH-based 0-RTT Subodh Iyengar
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Watson Ladd
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Ilari Liusvaara
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Ilari Liusvaara
- Re: [TLS] Remove DH-based 0-RTT Karthikeyan Bhargavan
- Re: [TLS] Remove DH-based 0-RTT Ilari Liusvaara