[TLS] #445: Enhanced New Session Ticket
Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 28 April 2016 19:33 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4736412D8F7 for <tls@ietfa.amsl.com>; Thu, 28 Apr 2016 12:33:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.896
X-Spam-Level:
X-Spam-Status: No, score=-2.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y6p5IIVIbucB for <tls@ietfa.amsl.com>; Thu, 28 Apr 2016 12:32:58 -0700 (PDT)
Received: from welho-filter2.welho.com (welho-filter2.welho.com [83.102.41.24]) by ietfa.amsl.com (Postfix) with ESMTP id D995712B004 for <tls@ietf.org>; Thu, 28 Apr 2016 12:32:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 94B5A482A for <tls@ietf.org>; Thu, 28 Apr 2016 22:32:56 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id 8IEV_WdHbAIG for <tls@ietf.org>; Thu, 28 Apr 2016 22:32:56 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-143-35.bb.dnainternet.fi [87.100.143.35]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 4A6712310 for <tls@ietf.org>; Thu, 28 Apr 2016 22:32:56 +0300 (EEST)
Date: Thu, 28 Apr 2016 22:32:52 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: tls@ietf.org
Message-ID: <20160428193252.GA16096@LK-Perkele-V2.elisa-laajakaista.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: ilariliusvaara@welho.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/CbTDcbNN_mAMRku-g3txtta_OXQ>
Subject: [TLS] #445: Enhanced New Session Ticket
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 19:33:00 -0000
Some comments: - I presume 0-RTT used in retried ClientHello uses (and for the verify mechanism to work, that needs to be allowed!) uses ClientHello1... ClientHello2 as its base hash? - Is that 0-RTT Finished message needed? It is the only 0-RTT handshake message... - Server can send CertificateRequest in GDHE-PSK or PSK mode??? - What are 'etc' for parameters for 0-RTT data? Use the present extension list here and have any future extensions that matter here explicitly define their interaction. - The requirement for server to validate its extensions... Hopefully there is no security reason for that... I really don't see it being implemented correctly (and the description looks completely screwy[1]). - 1 RTT server context presumably ends in CertificateRequest, not CertificateVerify (the Certificate and CertificateVerify are impiled). - You might want flag for if server promises replay protection or not in NST. - You might want to specify that allow_dhe_resumption doesn't change key exchange, only authentication (so DHE_CERT becomes DHE_PSK and ECDHE_CERT becomes ECDHE_PSK). [1] There are many extensions that are not relevant because those control server authentication (e.g. status_request, status_request_v2, signed_certificate_timestamp, server_certificate_type). And some that are low-level connection control (e.g. max_fragment_length). ALPN is special here tho: It needs to match the impiled 0-RTT ALPN (does one want that extension in 0-RTT case anyway?). -Ilari
- [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Martin Thomson
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Martin Thomson
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara