Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)
Dave Garrett <davemgarrett@gmail.com> Mon, 09 March 2015 22:21 UTC
Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC87B1AC3D2 for <tls@ietfa.amsl.com>; Mon, 9 Mar 2015 15:21:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id czikOOQynveK for <tls@ietfa.amsl.com>; Mon, 9 Mar 2015 15:21:47 -0700 (PDT)
Received: from mail-qc0-x235.google.com (mail-qc0-x235.google.com [IPv6:2607:f8b0:400d:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF86D1ACDCF for <tls@ietf.org>; Mon, 9 Mar 2015 15:21:43 -0700 (PDT)
Received: by qcwb13 with SMTP id b13so33034607qcw.12 for <tls@ietf.org>; Mon, 09 Mar 2015 15:21:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=VSffaWiC8uy0ORndbqGAy/FaBk/BRcREbxVtp6nnApw=; b=ZA1B7nz8NWH/mUiDD6H2GBmbMwaSO2T9XGDXe6+lPCKCtHKwhNAl4FsQfnY/4+kUI0 yDMjKSuMmCb7nUPeLW6aoGm2hDfJsY04rtG+soXZRMmatgOhzfp32lGv7S2u5Lp7rEYb WjfpVrrqV2ygyQARB6JMZBMhy59Lb1qgFa042duCG0LTVsPgAE05La10C5ozh1DTUtoA A3IzV00Yv2TY5l+ndZuiAOT42oT2wFs1dzRR3Rn0+lD/XeId2/79n0Hyw8Wk86v+7BR0 P8Mq+QKK/g7WYKv+H1tOhfuizNJQNm16JW+49QHajXCfNpNFX/Jcgw3BNbVDKlyt677+ 1znA==
X-Received: by 10.141.23.208 with SMTP id z199mr38845713qhd.27.1425939702726; Mon, 09 Mar 2015 15:21:42 -0700 (PDT)
Received: from dave-laptop.localnet (pool-96-245-254-195.phlapa.fios.verizon.net. [96.245.254.195]) by mx.google.com with ESMTPSA id f102sm2104389qki.1.2015.03.09.15.21.42 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 09 Mar 2015 15:21:42 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: Aaron Zauner <azet@azet.org>
Date: Mon, 09 Mar 2015 18:21:40 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-71-generic-pae; KDE/4.4.5; i686; ; )
References: <65D2FD736B6B2B48B2EAD2BD189DC9CC270CA949@LLE2K10-MBX01.mitll.ad.local> <201503091739.45205.davemgarrett@gmail.com> <54FE1615.7070002@azet.org>
In-Reply-To: <54FE1615.7070002@azet.org>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201503091821.41393.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/EkdXbYjjRXrvrY0Ty4Oysgsonf4>
Cc: tls@ietf.org
Subject: Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 22:21:50 -0000
On Monday, March 09, 2015 05:52:21 pm Aaron Zauner wrote: > Dave Garrett wrote: > > It's the difference between an implementation supporting the cipher and the deployment enabling the cipher. A connection proposing a cipher list without the MTI is still considered valid. One proposing without an MTD is essentially a protocol error. > > > > We have three decision sets in TLS: > > > > 1) IETF TLS WG RFC -> The Specification > > 2) Software implementing #1 -> The Implementation > > 3) Administrators configuring #2 on their servers -> The Deployment > > Thanks for clearing this up. This should be explained in case it ends up > in the I-D. Sorry for not being clear enough. The way I worded it initially was interpretable in multiple ways. (which I guess is apt for this discussion ;) > > What I'm proposing is essentially two MTI, with one that implementations are not allowed to disable. If you want to be really strict, endpoints could reject connections that do not propose the MTD, regardless of what's negotiated (but that has risks if the MTD needs revoking). > > I'm fine with that. The risks could be mitigated with some limit on when to bail entirely, though I don't know that could be specified in a way that won't cause interop problems. If we're confident that humans have finally figured out how to write cryptography in a way that won't have catastrophic failures anymore (stop laughing), then we'd just expect some minor interop breakage until implementations are updated after a deprecation/prohibition RFC for an MTD. In my opinion, everyone is too afraid of breakage. We should just agree on how to break in unison in a way that maintains the best possible result. > I think the crypto community is pretty confident in AES. That being > said, different AEAD constructions would make sense in case there is new > research suggesting security issues with one of both. Be it MTI or MTD. Setting CBC aside, I agree. We're pretty much down to just AES-GCM being fully trusted, and that really needs to be fixed with more variants as well as new ciphers and new versions of old ciphers, like Camellia and GOST. Single points of failure are not a good thing. > > I think finalizing the TLS 1.3 spec prior to finalized CFRG specifications would be a bad idea. Hopefully they're almost done arguing. > > :) For those that haven't checked the CFRG recently, they've agreed on Curve25519 & Ed448. How long it will take to agree on how to specify this is anyone's guess. Dave
- [TLS] TLS Interim - update and agenda Joseph Salowey
- Re: [TLS] TLS Interim - update and agenda Yoav Nir
- Re: [TLS] TLS Interim - update and agenda Benjamin Beurdouche
- Re: [TLS] TLS Interim - update and agenda Sean Turner
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- [TLS] Comments on various things on agenda (Was: … Ilari Liusvaara
- Re: [TLS] Comments on various things on agenda (W… Eric Rescorla
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Stephen Farrell
- Re: [TLS] Comments on various things on agenda (W… Aaron Zauner
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Aaron Zauner
- Re: [TLS] Comments on various things on agenda (W… Stephen Checkoway
- Re: [TLS] Comments on various things on agenda (W… Blumenthal, Uri - 0558 - MITLL
- [TLS] MTI policy & practice (Was: Re: Comments on… Dave Garrett
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Aaron Zauner
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Yoav Nir
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Aaron Zauner
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Aaron Zauner
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Watson Ladd
- Re: [TLS] MTI policy & practice (Was: Re: Comment… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Brian Sniffen
- Re: [TLS] Comments on various things on agenda (W… Dave Garrett
- Re: [TLS] Comments on various things on agenda (W… Sean Turner