Re: [TLS] Call for adoption: draft-bhargavan-tls-session-hash

Martin Thomson <martin.thomson@gmail.com> Mon, 21 July 2014 19:55 UTC

On 21 July 2014 10:34, Michael StJohns <msj@nthpermutation.com> wrote:
> How does this work with 1rtt?

There is an open question here, because the 1RTT handshake doesn't
allow for the master secret to cover the certificate.  The way that
the solution is formulated here (cover the server identity) isn't
compatible with an encrypted certificate.  We probably need some
analysis here, but the idea that was floated was that covering the
(EC)DH shares could be sufficient.

I think that's a separable concern and we should consider this draft
to be <= 1.2 only.  We can choose to use this solution, if it is
appropriate and can be adapted for 1.3.  However, as I understand it,
the current 1.3 structure doesn't allow this exact form for the fix.