IETF Logo Mail Archive

Re: [TLS] Is there a way forward after today's hum?

Ted Lemon <mellon@fugue.com> Thu, 20 July 2017 06:13 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64E7E129B33 for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 23:13:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jevU6jcIgZAP for <tls@ietfa.amsl.com>; Wed, 19 Jul 2017 23:13:12 -0700 (PDT)
Received: from mail-pg0-x236.google.com (mail-pg0-x236.google.com [IPv6:2607:f8b0:400e:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 849BD127866 for <tls@ietf.org>; Wed, 19 Jul 2017 23:13:12 -0700 (PDT)
Received: by mail-pg0-x236.google.com with SMTP id 123so10245430pgj.1 for <tls@ietf.org>; Wed, 19 Jul 2017 23:13:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=D2bC7pg/69nnwccWCDb8MAv18zo+Z0r6GY6ngY61lWY=; b=BhH+h1zkg3KaDSFwau8tgO8kaEPlMBid5Yt7/OGlvJYddGVLZDgNbUlRfpdWrVjv0L f9CsT81BHLDu2fGq+9y5u2mBpQxnQKlhFRb0HMdj3ioDipN8dC0aFbPM/8eBerCNFNcB Uxk8TjkKCnKHS+dWwxvJOU9lg2u7RQEefTyrRlfNvKZczuUZnhzawFbQ0Tss+kaOCzXH KLpFZjlH2VecLqhT67FJ/KESDejja6JT3Do8Yp2Qm3G0tcgM4rFByVCqdVvxsFS8Vw0J lw1ylZOhIAWEgMulLnXlg0qkyT3X0e3V2zjvt634atv6hWOSrekkz7xtyl6i0sCnQPj3 eDCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=D2bC7pg/69nnwccWCDb8MAv18zo+Z0r6GY6ngY61lWY=; b=tGyipKbRdpKibOWCMOaO7qPYsA31Kgpgtmn0XkIDhwM6BxRDRO7gjx3MZpV/RoeALJ uZoOJp6Rj1zy3zuH4hZ3kFJgg9gtdPTIhCNj2d2dONKgAQZv+52Pc/SP0YY5D7Sdx77o grALiO8WZ8G8JnN+rLsnRFOU0MoIKIZE9ah2DyQrdkrRKoTK1BwTXetB3dwc0op43DKR iNjLhnmE1BlgWrS+Adlyqf7peeHSARdEJ+I/OJbm1pmExKxkLeJo6VNdwqlvFOL0cY2x rMSgYDheJxnGVooBBqNum/kfnzdp9oHahC+ZuRXaKLixDNG5wly5hxB2gd7aUNwSZQK6 q8Og==
X-Gm-Message-State: AIVw112kOD7LCyAR611ianj8U795ScM8hxVBMJ9tBX+ypLijRPUJXH/Z +YuVsyzkubGxQ4xtjp+4CPaS+FO0c+VH
X-Received: by 10.98.7.87 with SMTP id b84mr2798690pfd.216.1500531192115; Wed, 19 Jul 2017 23:13:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.181.42 with HTTP; Wed, 19 Jul 2017 23:13:11 -0700 (PDT)
Received: by 10.100.181.42 with HTTP; Wed, 19 Jul 2017 23:13:11 -0700 (PDT)
In-Reply-To: <EEBF938A-234C-43E3-B058-4AE443C66EF0@vigilsec.com>
References: <E6D7DDCD-FDE6-4784-ACE8-0F5AC8E2CEDF@vigilsec.com> <CAPt1N1ka=vuoZMB58LXfkJ_qafohf08WeoUs2y4kaCxBtCx29Q@mail.gmail.com> <EEBF938A-234C-43E3-B058-4AE443C66EF0@vigilsec.com>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 20 Jul 2017 08:13:11 +0200
Message-ID: <CAPt1N1nQGWOehcpYH6jz_CqoXNuA+T+XZeAESos7m+BQrKuHPw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a1143ccc4ae49f20554b9a410"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FOM7wxVSnMvroXhuLQoMB_2EFjQ>
Subject: Re: [TLS] Is there a way forward after today's hum?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 06:13:14 -0000

I think that's okay, since this is only for use in applications where both
parties are in on the deal. But the problem with the static ecdh proposal
is the the server is not compelled to reveal that it is doing it.

On Jul 20, 2017 8:01 AM, "Russ Housley" <housley@vigilsec.com> wrote:

> Ted, if we use a new extension, then the server cannot include it unless
> the client offered it first.  I am thinking of an approach where the server
> would include information needed by the decryptor in the response.  So, if
> the client did not offer the extension, it would be a TLS protocol
> violation for the server to include it.
>
> Russ
>
>
> On Jul 19, 2017, at 1:14 PM, Ted Lemon <mellon@fugue.com> wrote:
>
> Provably involved, or involved setting an evil bit?
>
> On Wed, Jul 19, 2017 at 7:10 PM, Russ Housley <housley@vigilsec.com>
> wrote:
>
>> The hum told us that the room was roughly evenly split.  In hind sight, I
>> wish the chairs had asked a second question.  If the split in the room was
>> different for the second question, then I think we might have learned a bit
>> more about what people are thinking.
>>
>> If a specification were available that used an extension that involved
>> both the client and the server, would the working group adopt it, work on
>> it, and publish it as an RFC?
>>
>> I was listening very carefully to the comments made by people in line.
>> Clearly some people would hum for "no" to the above question, but it
>> sounded like many felt that this would be a significant difference.  It
>> would ensure that both server and client explicitly opt-in, and any party
>> observing the handshake could see the extension was included or not.
>>
>> Russ
>>
>
>

v2.23.0 | Report a Bug | By Email