IETF Logo Mail Archive

Re: [TLS] Re-thinking OPTLS

Nico Williams <nico@cryptonector.com> Wed, 26 November 2014 01:51 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8E131A1EB7 for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R5fXod6zp_hB for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
Received: from homiemail-a64.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 53AA41A1E0F for <tls@ietf.org>; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
Received: from homiemail-a64.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTP id 36A83438079; Tue, 25 Nov 2014 17:51:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=ivUlIliKbUdDFs ykHACnF3grS/Y=; b=LtVo0mB0J5/q0dR/uvm1y3TvUJ5zkYaOW4bBLDi09yGDIU BmAa7V/zMRc4QJexCRWVg2xO3oOcXavYoj5VPF7aCs1sfOhU0RrA50CwOtDQow+o aPJcVaoLwW638pzHvCjeuRogVed6KAa+p60NrA2KqrpL7idBhJ8Jz751wU1PA=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTPA id D7056438072; Tue, 25 Nov 2014 17:51:36 -0800 (PST)
Date: Tue, 25 Nov 2014 19:51:36 -0600
From: Nico Williams <nico@cryptonector.com>
To: Hoeteck Wee <hoeteck@alum.mit.edu>
Message-ID: <20141126015133.GX3200@localhost>
References: <CADi0yUMCGuYbqrJWa-KXNmgNvc19xOWwpx2DCLOvgv62haedCQ@mail.gmail.com> <20141124063304.GA3200@localhost> <CADi0yUMvj7k1JXpa_9H3brUizr4QsLh6gsjzXaRJo79Vv0dqnQ@mail.gmail.com> <20141125034915.GT3200@localhost> <CAJND9y4uoiaJs9X+t7nJ0T2Jj_mcTGqoSP7DuFYF550BDqtv4g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAJND9y4uoiaJs9X+t7nJ0T2Jj_mcTGqoSP7DuFYF550BDqtv4g@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/C1xJn4VkukASfyILPDZlU3RoMkI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Re-thinking OPTLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 01:51:38 -0000

On Wed, Nov 26, 2014 at 12:54:07AM +0100, Hoeteck Wee wrote:
> > Hmm, a client that can't keep a shared secret around probably can't keep
> > a server sub-cert either...
> 
> I don't think that is correct. If an adversary learns the shared
> secret held by the client in resumption, then the session gets
> compromised and the adversary can decrypt all of the data that gets
> sent later. If an adversary learns the server sub-cert g^s held by the
> client, no security is lost.

That is quite true, and I conceded that clients can have different
tolerance for sub-cert freshness than resumption state lifetime,
but I thought the meaning of "can't" wasn't "because of policy" but
"because of lack of storage".

v2.23.0 | Report a Bug | By Email