Re: [TLS] Cookie reuse subsequent connections
Martin Thomson <martin.thomson@gmail.com> Mon, 30 October 2017 09:31 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADB0313F95E for <tls@ietfa.amsl.com>; Mon, 30 Oct 2017 02:31:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jH5v9Ilo9zdx for <tls@ietfa.amsl.com>; Mon, 30 Oct 2017 02:31:49 -0700 (PDT)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76B1913F8EF for <tls@ietf.org>; Mon, 30 Oct 2017 02:31:47 -0700 (PDT)
Received: by mail-oi0-x22e.google.com with SMTP id v9so20825900oif.13 for <tls@ietf.org>; Mon, 30 Oct 2017 02:31:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=6KmbYPNUcoHQANib+LifSQPnNMse3VjR6gBu2S0ynKE=; b=j4YuOgSpL31Lo47Y/NgmMWWamLZq8lfsigOK3oPEB488fQCFac2eDxH7ebYLXK+F4r Phhz0BKGuuPDwu9OMWW4YYMp/eElFv1wIUZX0Xz9U+9l4BdYVXyKfE9cFyNjtmFmT3k7 3jFPYa7elMjMnABd0VWG5IVfx0+TF/XzHO6jj5UMmqVXFFyuGZcjZqRRvEDZGztEdF74 lFzNoS2Jf092ipv5BODlQ9Ae9CBjiXyQD8yaG1g3BpYeIlMtEphk1TeQhYSO3RfVrOOq hv1wCyQhxLuoq/+1ObhYtl53+R2hbgeSp/cHcf0vl0+eufutVARMV22hOtvJ2OeoizMS bJbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=6KmbYPNUcoHQANib+LifSQPnNMse3VjR6gBu2S0ynKE=; b=DVGGDq8DTHiZ0RaNpWg3wFdAnZWUX4MACOTJICYVhngvQNjYddgGPbR0VIOsrPeZ97 NGXHVEEcmAxecrTgzAKFjA0Yh5ps5zh4CRZHe+3lcRb1sBcTki08qQ5yomKnw/HQGngj LDxy50igAJdZJZPYXMzOGx8zsr8I6i6Hgjobdm50mIAJgnwoY90bsFozZf3808UJGt9l AO3SMtUKApcMju7QORPmjCc9BTmZrh7xmfcoYW0Aml9EIRTRqfwQslRau4miHsPDTGFu gfvEBuNCCJ14XyCqcuumEVlZZp4WW5PKw6v2K/6Ikm+y+jXIsP1OFnZuE7LNG4DW7zsK 8Nmg==
X-Gm-Message-State: AMCzsaXbLcvkppw5eWnmgW9JBCYU6JEIPNmmIL6bKhuSUSHwcfH1ps4g 3yVb9pC+OaDY2TgFvs2fTtTL9hZh5wpSXzrlPafvHw==
X-Google-Smtp-Source: ABhQp+SNM46qQlPMXBdHuQmwJVlbGoLkX1wZ9aimkUqh3jg0WzbmPCJ/Y9HtVv2buj1PvYT+6GyD6CaTcKZK7MFXkAE=
X-Received: by 10.157.91.61 with SMTP id x58mr5527273oth.89.1509355906796; Mon, 30 Oct 2017 02:31:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.72.178 with HTTP; Mon, 30 Oct 2017 02:31:46 -0700 (PDT)
In-Reply-To: <CA+tEvRTBGj0JwQVh66DiFQhrYXdV2h0zOTzAE5MS-yykHe3dLw@mail.gmail.com>
References: <CA+tEvRTBGj0JwQVh66DiFQhrYXdV2h0zOTzAE5MS-yykHe3dLw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 30 Oct 2017 20:31:46 +1100
Message-ID: <CABkgnnWPGomdhb8+t1P5jhR5XV+4CKFRRHHExZ=FcHPieM-WkA@mail.gmail.com>
To: Jānis Čoders <janis.coders@gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Fi-5e3J_Jrcl_5myHUVEAwBzSg0>
Subject: Re: [TLS] Cookie reuse subsequent connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2017 09:31:51 -0000
What is most likely to happen is that the cookie will be invalid and the connection will be rejected. Many TLS servers assume that presence of a cookie means that they previously sent a HelloRetryRequest on that connection. For instance, NSS packs a hash of the original ClientHello into the cookie so that it can restore the handshake transcript. Reusing the cookie will just lead to the server restoring the handshake transcript from the wrong handshake. And that's even assuming that it accepts the cookie in the first place. On Mon, Oct 30, 2017 at 6:07 PM, Jānis Čoders <janis.coders@gmail.com> wrote: > Hi, is there ANY security issue with reusing Cookie from previous TLS > connection? In current draft there is text: "Clients MUST NOT use > cookies in their initial ClientHello in subsequent connections." I > can't think of any security implication, but can think of situations > where it could be useful. > > -- > Ar cieņu, > Jānis Čoders > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Cookie reuse subsequent connections Jānis Čoders
- Re: [TLS] Cookie reuse subsequent connections Martin Thomson
- Re: [TLS] Cookie reuse subsequent connections Jānis Čoders
- Re: [TLS] Cookie reuse subsequent connections Eric Rescorla
- Re: [TLS] Cookie reuse subsequent connections Benjamin Kaduk
- Re: [TLS] Cookie reuse subsequent connections Jānis Čoders