Re: [TLS] Re-thinking OPTLS
Nico Williams <nico@cryptonector.com> Wed, 26 November 2014 01:51 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8E131A1EB7 for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R5fXod6zp_hB for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
Received: from homiemail-a64.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 53AA41A1E0F for <tls@ietf.org>; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
Received: from homiemail-a64.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTP id 36A83438079; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=ivUlIliKbUdDFs ykHACnF3grS/Y=; b=LtVo0mB0J5/q0dR/uvm1y3TvUJ5zkYaOW4bBLDi09yGDIU BmAa7V/zMRc4QJexCRWVg2xO3oOcXavYoj5VPF7aCs1sfOhU0RrA50CwOtDQow+o aPJcVaoLwW638pzHvCjeuRogVed6KAa+p60NrA2KqrpL7idBhJ8Jz751wU1PA=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTPA id D7056438072; Tue, 25 Nov 2014 17:51:36 -0800 (PST)
Date: Tue, 25 Nov 2014 19:51:36 -0600
From: Nico Williams <nico@cryptonector.com>
To: Hoeteck Wee <hoeteck@alum.mit.edu>
Message-ID: <20141126015133.GX3200@localhost>
References: <CADi0yUMCGuYbqrJWa-KXNmgNvc19xOWwpx2DCLOvgv62haedCQ@mail.gmail.com> <20141124063304.GA3200@localhost> <CADi0yUMvj7k1JXpa_9H3brUizr4QsLh6gsjzXaRJo79Vv0dqnQ@mail.gmail.com> <20141125034915.GT3200@localhost> <CAJND9y4uoiaJs9X+t7nJ0T2Jj_mcTGqoSP7DuFYF550BDqtv4g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAJND9y4uoiaJs9X+t7nJ0T2Jj_mcTGqoSP7DuFYF550BDqtv4g@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/C1xJn4VkukASfyILPDZlU3RoMkI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Re-thinking OPTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 01:51:38 -0000
On Wed, Nov 26, 2014 at 12:54:07AM +0100, Hoeteck Wee wrote: > > Hmm, a client that can't keep a shared secret around probably can't keep > > a server sub-cert either... > > I don't think that is correct. If an adversary learns the shared > secret held by the client in resumption, then the session gets > compromised and the adversary can decrypt all of the data that gets > sent later. If an adversary learns the server sub-cert g^s held by the > client, no security is lost. That is quite true, and I conceded that clients can have different tolerance for sub-cert freshness than resumption state lifetime, but I thought the meaning of "can't" wasn't "because of policy" but "because of lack of storage".
- [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Martin Thomson
- Re: [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Martin Thomson
- Re: [TLS] Re-thinking OPTLS Watson Ladd
- Re: [TLS] Re-thinking OPTLS Salz, Rich
- Re: [TLS] Re-thinking OPTLS Adam Langley
- Re: [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Eric Rescorla
- Re: [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Nico Williams
- Re: [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Hugo Krawczyk
- Re: [TLS] Re-thinking OPTLS Nico Williams
- Re: [TLS] Re-thinking OPTLS Nico Williams
- Re: [TLS] Re-thinking OPTLS Hoeteck Wee