Re: [TLS] Simpler backward compatibility rules for 0-RTT
Martin Thomson <martin.thomson@gmail.com> Wed, 22 June 2016 03:58 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32BFF12D8B9 for <tls@ietfa.amsl.com>; Tue, 21 Jun 2016 20:58:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LvTQ9-kZpZ6W for <tls@ietfa.amsl.com>; Tue, 21 Jun 2016 20:58:13 -0700 (PDT)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 248E612D1AD for <tls@ietf.org>; Tue, 21 Jun 2016 20:58:13 -0700 (PDT)
Received: by mail-qk0-x233.google.com with SMTP id a186so49311935qkf.0 for <tls@ietf.org>; Tue, 21 Jun 2016 20:58:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=a6jN6Umt6fN30NrT+uQ/w4jtU5OEA9LJL25ucN4VGM4=; b=QiR6MndT+2kMjd2LrraraVuWGC+PvFlvFzgwTj350mHEihVlEa1MpQ1rBmbaFYRtCh OmltJ4CXpq2tYFkC8GS5vXIeHA7MhLKYd45exqesYVDgtGxiNH+S48O5cmmfWU8/zVeg lWMGUsGap+oB/59I5AcoxG/3sKiXbkOb7P5Pr65mfXB8H+SCKnw+tzR+68l2ZzbsK29Z rzN3UvyRDOEOyWfWSZ8HHs/g5FsKYwT4xQj5+hTWrdRByO+F580Izahd78FzqeeCNJYk mEsyKAK3KTEeeOkMr2CV8Mg6hlMU4x7qv3DqHNh3hdd4KdqPD63ooSUYWbc5HEDXN1y7 J9VQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=a6jN6Umt6fN30NrT+uQ/w4jtU5OEA9LJL25ucN4VGM4=; b=SaybfLh+9cdmbfn9JDg6ydMdZgx9oKLMJnigTkQoShdecM9KqAq2SgSCnN+XLqM2Cn Oh4U+NbWWUa/HQPoxfOlyFzRMfBw2JVqwjUn6i9bTQAKw4K/zjcCeUEz0McCaLe1adOs 4LUrwpuMXy0CN6A2As3Jp9OgF70vED7XREfDe3NBF5C0iNUhxP48BcteJTJ9OwMm9a7K XPlv6V0fp9BqdeWU5aUHv5Killcs5kZSXuI2TL/CQIatYI/swczqEO8FIozJW7wCFLfN ZjGKkWv9et1d0kmj+D8tyY4dNiNhY2eOi0Mm4NFrTIeK1kDVhZ0MiZVTTn2Qonq/ja+i C/Zw==
X-Gm-Message-State: ALyK8tKPhTfOx7UceWLe4qPEMyhMppfFkaXmmVrrGbLRa38HH8eoN9Mdmp+76NJTOa90l2n1Dvy7Z6aay8viGg==
X-Received: by 10.200.47.156 with SMTP id l28mr34941033qta.20.1466567892374; Tue, 21 Jun 2016 20:58:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.38 with HTTP; Tue, 21 Jun 2016 20:58:11 -0700 (PDT)
In-Reply-To: <CACsn0cn=B36Tn0O=RaUebAtjqxRVcQFD+kWyFVfXELiHY2ux2w@mail.gmail.com>
References: <CABkgnnVgD2rTgdWkTEhd1b6CUpj_i7wD4-_E2Dd2=nJf1eW5RQ@mail.gmail.com> <CAJ_4DfQ1ttyF0z9vwmuq-yEvbHrh+93k3rkJ7gzgDQZoQnuUpQ@mail.gmail.com> <20160621175413.GB2989@LK-Perkele-V2.elisa-laajakaista.fi> <CAF8qwaCQSERcYNr42=DB-ZcBQde5qkrk8R_AD2qnnEsdwi7NoA@mail.gmail.com> <CABkgnnUsnz3Uh8dH=ke9uO82cgP3S7nJ0fgcs=JpsZu3qr0K0g@mail.gmail.com> <CACsn0c=EcXyrB83HnSbWWrQG5T2AjDQdG2D408qiDjqXEY3Htg@mail.gmail.com> <CABkgnnXdFJHEA60x-KObf_dT1aS5ys49mO4Uffmmw4sKwNX8Yg@mail.gmail.com> <CACsn0cn=B36Tn0O=RaUebAtjqxRVcQFD+kWyFVfXELiHY2ux2w@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 22 Jun 2016 13:58:11 +1000
Message-ID: <CABkgnnV4+_TvAGQ2SYWi+REnxSLgV+D_H3gKw0Rz6fswqd8iiA@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EOzT6y-_VGWl6N-r7uhZggsCqIs>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Simpler backward compatibility rules for 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2016 03:58:15 -0000
On 22 June 2016 at 12:01, Watson Ladd <watsonbladd@gmail.com> wrote: > Why isn't 0-RTT an extension in the Client Hello to deal with this? You can't stream extensions, which unfortunately is required given how most software interacts with their TLS stack. Let's be clear, the actual risk we're talking about is pretty-much confined to screw-ups. The deployment screwup where you left one server speaking TLS 1.2 somewhere before turning 0-RTT on; and TLS MitM, which calling a screw-up might be too positive a statement. Of course, David is right that screw-ups like this are too common for us to do nothing about them.
- Re: [TLS] Simpler backward compatibility rules fo… Ilari Liusvaara
- Re: [TLS] Simpler backward compatibility rules fo… Hubert Kario
- Re: [TLS] Simpler backward compatibility rules fo… Hubert Kario
- Re: [TLS] Simpler backward compatibility rules fo… Erik Nygren
- Re: [TLS] Simpler backward compatibility rules fo… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… Ilari Liusvaara
- Re: [TLS] Simpler backward compatibility rules fo… Watson Ladd
- Re: [TLS] Simpler backward compatibility rules fo… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… David Benjamin
- Re: [TLS] Simpler backward compatibility rules fo… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… Watson Ladd
- Re: [TLS] Simpler backward compatibility rules fo… Bill Frantz
- Re: [TLS] Simpler backward compatibility rules fo… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… David Benjamin
- Re: [TLS] Simpler backward compatibility rules fo… Ilari Liusvaara
- Re: [TLS] Simpler backward compatibility rules fo… Ryan Hamilton
- [TLS] Simpler backward compatibility rules for 0-… Martin Thomson
- Re: [TLS] Simpler backward compatibility rules fo… Watson Ladd
- Re: [TLS] Simpler backward compatibility rules fo… David Benjamin