Re: [TLS] Comments on various things on agenda (Was: Re: TLS Interim - update and agenda)
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Wed, 11 March 2015 09:15 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC46A1A6F3C for <tls@ietfa.amsl.com>; Wed, 11 Mar 2015 02:15:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0PJidv3i0DTT for <tls@ietfa.amsl.com>; Wed, 11 Mar 2015 02:15:18 -0700 (PDT)
Received: from emh03.mail.saunalahti.fi (emh03.mail.saunalahti.fi [62.142.5.109]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 863A41A1A7D for <tls@ietf.org>; Wed, 11 Mar 2015 02:15:18 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh03.mail.saunalahti.fi (Postfix) with ESMTP id DA47E1887BD; Wed, 11 Mar 2015 11:15:15 +0200 (EET)
Date: Wed, 11 Mar 2015 11:15:15 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Message-ID: <20150311091515.GA15123@LK-Perkele-VII>
References: <9A043F3CF02CD34C8E74AC1594475C73AAFAD5D2@uxcn10-5.UoA.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AAFAD5D2@uxcn10-5.UoA.auckland.ac.nz>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/FKLKu_h7OpQkbUFdopZHFubzxTs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Comments on various things on agenda (Was: Re: TLS Interim - update and agenda)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2015 09:15:21 -0000
On Wed, Mar 11, 2015 at 05:18:45AM +0000, Peter Gutmann wrote: > Ilari Liusvaara <ilari.liusvaara@elisanet.fi> writes: > > >Backwards compatibility: > > > >Is this about what is needed for compatiblity with past TLS versions? > > TLS 1.3, which I've already pointed out several times has so little backwards > compatibility that it should be called TLS 2.0, doesn't need to be hamstrung > with retaining stuff from the other TLS 1.x versions, for example the totally > pointless: Here by backwards compatiblity, I interpret: "Possiblity to securely downnegotiate to earlier versions without reconnect." This has the following implications: - TLS 1.2 servers have to be able to interpret the TLS 1.3 first flight in a sane way, so handshake can continue. - TLS 1.3 clients have to be able to interpret the TLS 1.2 first flight in a sane way, so handshake can continue. Not doing this is basically either a major security hole or serious deployment obstacle. > >- The first byte of record header needs to remain subprotocol id (for > > muxing TLS with other stuff) > > (and many others). It's already so different even to TLS 1.2 that there's no > point in retaining some crufty old artefact of SSL 3.0 just because we've > always done it this way. If there's a feature that's useful or important to > the functioning of the protocol then by all means include it, but there's no > point in dragging along old protocol misfeatures "for backwards compatibility" > when so much else has changed incompatibly. There actually are _protocols_ that _break_ if TLS ever generates first byte of record that isn't on certain range (20-63 / 0x14-0x3F), and that is the only non-abstract requirement (not easily re-definable by TLS). Radical handshake changes are OK. Or protocols that break if TLS ever starts the connection with byte that isn't 0x16 (but this is also required by "backward compatiblity" as defined above). E.g. Redefine what record type 0x17 (which is appdata in TLS 1.2) means? Sure, no problem. Drop 0x14 (ChangeCipherSpec)? No problemo. Enable encryption in the middle of hanshake? Ditto. -Ilari
- [TLS] Comments on various things on agenda (Was: … Peter Gutmann
- Re: [TLS] Comments on various things on agenda (W… Ilari Liusvaara
- Re: [TLS] Comments on various things on agenda (W… Watson Ladd
- Re: [TLS] Comments on various things on agenda (W… Ilari Liusvaara
- Re: [TLS] Comments on various things on agenda (W… Peter Gutmann