Re: [TLS] Resumption ticket/PSK
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 19 May 2016 19:19 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 881B012DBD1 for <tls@ietfa.amsl.com>; Thu, 19 May 2016 12:19:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QX15pGt98yTf for <tls@ietfa.amsl.com>; Thu, 19 May 2016 12:19:32 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F0FB12D639 for <tls@ietf.org>; Thu, 19 May 2016 12:19:32 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 2B8A5284F26; Thu, 19 May 2016 19:19:31 +0000 (UTC)
Date: Thu, 19 May 2016 19:19:31 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20160519191930.GF3300@mournblade.imrryr.org>
References: <CAJU8_nVhM+xOnt8D8UJ8qvWUFts3s5n3gOQvJZYs=XWymfVOVQ@mail.gmail.com> <CABcZeBM8R8LC0wQfxp63BzfjRvLh4sYh4HdT5KZ8LXe2uE3GgQ@mail.gmail.com> <20160519190508.GE3300@mournblade.imrryr.org> <CAJU8_nW5jqO3DSvZZNpNQThnCb3P4bCBjE47uhjPRPB1ix6_mg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAJU8_nW5jqO3DSvZZNpNQThnCb3P4bCBjE47uhjPRPB1ix6_mg@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AEN98uFuLHf35A-QovjvOWhgVXI>
Subject: Re: [TLS] Resumption ticket/PSK
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 19:19:33 -0000
On Thu, May 19, 2016 at 03:09:23PM -0400, Kyle Rose wrote: > On Thu, May 19, 2016 at 3:05 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > > > I think this is much too complicated. Simpler solution is for > > clients (browsers and the like for which tracking is an issue) to > > not reuse sessions when their IP address changes > > I don't think this is sufficient. Reusing session tickets will reveal > distinguishing information about individual clients behind NAT exit > points, for instance, even when their internal/RFC1918 addresses don't > change. It is good enough. Clients that want strong protection against tracking by session ids can disable session caching entirely, or set an idle timeout of ~5 seconds, Ensuring that session re-use happens only for a quick burst of connections to the same server. This is only relevant to a particular type of client, and should not be default protocol behaviour. > > The burden of tracking counter-measures should fall squarely on > > the client. > > I agree that it's up to the client, but there are measures the server > can take to assist the client while not adding to its full handshake > burden. IOW, it helps the server, as well. I don't see how constantly generating and transmitting new tickets helps the server, or helps clients (at fixed network addresses) that don't need this protection. Just a waste of bandwidth and needless churn in the client's session cache. There are clients where limiting ticket re-use makes sense, these clients can take appropriate measures. If some clients desperately want a fresh ticket with every resumption, I think they should explicitly signal that via an optional new extension. I'd have no objection to a zero-length payload extension that indicates that a fresh ticket is desired even if the session is resumed. -- Viktor.
- [TLS] Resumption ticket/PSK Kyle Rose
- Re: [TLS] Resumption ticket/PSK Eric Rescorla
- Re: [TLS] Resumption ticket/PSK Kyle Rose
- Re: [TLS] Resumption ticket/PSK Viktor Dukhovni
- Re: [TLS] Resumption ticket/PSK Kyle Rose
- Re: [TLS] Resumption ticket/PSK Viktor Dukhovni
- Re: [TLS] Resumption ticket/PSK Kyle Rose
- Re: [TLS] Resumption ticket/PSK Viktor Dukhovni
- Re: [TLS] Resumption ticket/PSK Martin Thomson
- Re: [TLS] Resumption ticket/PSK Viktor Dukhovni
- Re: [TLS] Resumption ticket/PSK Kyle Rose