Re: [TLS] Simpler backward compatibility rules for 0-RTT

Martin Thomson <martin.thomson@gmail.com> Wed, 22 June 2016 03:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EOzT6y-_VGWl6N-r7uhZggsCqIs>

On 22 June 2016 at 12:01, Watson Ladd <watsonbladd@gmail.com> wrote:
> Why isn't 0-RTT an extension in the Client Hello to deal with this?

You can't stream extensions, which unfortunately is required given how
most software interacts with its TLS stack.

Let's be clear, the actual risk we're talking about is pretty much
confined to screw-ups.  The deployment screw-up where you left one
server speaking TLS 1.2 somewhere before turning 0-RTT on; and TLS
MitM, which calling a screw-up might be too positive a statement.

Of course, David is right that screw-ups like this are too common for
us to do nothing about them.