[TLS] Rethink TLS 1.3
Watson Ladd <watsonbladd@gmail.com> Sat, 22 November 2014 00:57 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEF241A9125 for <tls@ietfa.amsl.com>; Fri, 21 Nov 2014 16:57:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SCATM7FVRits for <tls@ietfa.amsl.com>; Fri, 21 Nov 2014 16:57:54 -0800 (PST)
Received: from mail-yk0-x22c.google.com (mail-yk0-x22c.google.com [IPv6:2607:f8b0:4002:c07::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D34BD1A911A for <tls@ietf.org>; Fri, 21 Nov 2014 16:57:53 -0800 (PST)
Received: by mail-yk0-f172.google.com with SMTP id 131so2792802ykp.31 for <tls@ietf.org>; Fri, 21 Nov 2014 16:57:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=Y0a5az1APzMSSF3ANHApG/dcjucvrvsTrPeVjp4FTjY=; b=bdRc2KfoqtL3uo+XeVh0xoQ2B9f9Q3I22xr15A2giY792UiXf00Cp5KFn7vMP33PD3 UQuOZWc1eVWBux3lujL6fvndQA2h1Y/cF3qoCABugECg9fU73nSRqaB8tcqkpk25AtU5 ESmlMCvPbQ2wpVyYlVpqwBSArZtfixaRR8PSxCVIoOqXggSg6JPq86MFQST322xfJM+B k+L2ALayew4GTjS57LZzvUuKgUHNP3b3smujyluPpJtNFTsSJowad5laFDPKLKXBb6sC ZGWNqoG87ojW84uc78vH5SRZeGnDx5rvHyQCbU8GG4bGYL/9zDP6F2w+qHOOt5XFNazN RPLw==
MIME-Version: 1.0
X-Received: by 10.236.53.69 with SMTP id f45mr5745039yhc.65.1416617873139; Fri, 21 Nov 2014 16:57:53 -0800 (PST)
Received: by 10.170.195.21 with HTTP; Fri, 21 Nov 2014 16:57:53 -0800 (PST)
Date: Fri, 21 Nov 2014 16:57:53 -0800
Message-ID: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/FNiz5Eyr-VOpLlkz_JctNcubdD4
Subject: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Nov 2014 00:57:56 -0000
Was the TLS 1.3 draft written by a cryptographer? No. Has it been reviewed by cryptographers? Unclear. Are the mechanisms secure? Unknown. Is it easy to analyze TLS 1.2? No. Was TLS 1.2 secure? No. Has TLS 1.3 fixed flaws in TLS 1.2? Some: session_hash remains unincluded, but the record layer is finally fixed. How long will it take to analyze TLS 1.3? If past experience is any guide, a decade. Can we fix problems in deployed protocols? No. Will TLS 1.3 be deployed? Yes. Putting this together, it seems clear that substantially more attention needs to be paid to TLS 1.3 before we deploy it. A delay is inevitable. Even if we decide not to proceed with OPTLS, we need to make sure that there is a substantial degree of analysis of the protocol before, not after, it is deployed, and that it is designed to help, not hinder, analysis. The current draft is not in a state where it describes a protocol that we can analyze or implement. The sooner it gets to that state, the sooner we can start seriously finding problems or showing there are none. But we shouldn't expect that this process will be overnight: it's much faster to start with a good protocol and serialize each of the messages, instead of starting with mystery, figuring out what it actually does, and trying to show the result is correct (and discovering it isn't). Sincerely, Watson Ladd
- [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Eric Rescorla
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Hanno Böck
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Ralph Holz
- Re: [TLS] Rethink TLS 1.3 Jeffrey Walton
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Florian Weimer
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Salz, Rich
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Brian Smith
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] Rethink TLS 1.3 Yoav Nir
- Re: [TLS] Rethink TLS 1.3 Hubert Kario
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Hubert Kario
- Re: [TLS] Rethink TLS 1.3 Bodo Moeller
- Re: [TLS] Rethink TLS 1.3 Joseph Salowey
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Ilari Liusvaara
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Ryan Sleevi
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann