Re: [TLS] Unifying tickets and sessions

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 20 October 2014 23:58 UTC

Date: Mon, 20 Oct 2014 23:58:33 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20141020235832.GK19158@mournblade.imrryr.org>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <5445775E.3050108@fussenegger.info> <54458113.1050304@polarssl.org>
In-Reply-To: <54458113.1050304@polarssl.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/G6HXLj0zwygkWiZI2a7MrIKpo64
Subject: Re: [TLS] Unifying tickets and sessions

On Mon, Oct 20, 2014 at 11:39:31PM +0200, Manuel Pégourié-Gonnard wrote:

> > The RFC should clarify that the negotiated cipher **MUST** be honored 
> > when encrypting the state that will be sent to the client. [1]

I am having trouble parsing the original suggestion above.

> While I'm sympathetic with the goal, I'm afraid that will complicate
> implementations more than necessary. How about requiring to use a key length at
> least as high as the highest supported ciphersuite instead?

Does it mean (as I think you're saying) that session tickets MUST
be encrypted with the session's negotiated ciphersuite?  That seems
rather unmanageable.  A single sufficiently strong key is likely
far more realistic.

With keys for clusters of servers rotated by code external to the
TLS library, asking for a key for every algorithm/size is impractical.

-- 
	Viktor.
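The key-management model Viktor describes above (one sufficiently strong ticket key per cluster, rotated by code outside the TLS library, independent of whatever ciphersuite each session negotiated) is shown below as an added example. It is not code from this thread, from PolarSSL or from any TLS library. It assumes RFC 5077's 16-byte key_name prefix, a single AES-256-GCM key per ring entry, and an overlap window of one previous key so tickets issued just before a rotation still open on every server; the key bytes and the session state are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const (
	keyNameLen  = 16 // RFC 5077 key_name field, sent in the clear
	aesKeyLen   = 32 // one AES-256 key, whatever ciphersuite the session used
	gcmNonceLen = 12
)

var (
	ErrUnknownKey = errors.New("ticket: unknown key_name; do a full handshake")
	ErrBadTicket  = errors.New("ticket: malformed or tampered")
)

// TicketKey is one entry in the ring. Name travels at the front of every
// ticket so a server can pick the right key after a rotation.
type TicketKey struct {
	Name [keyNameLen]byte
	AES  [aesKeyLen]byte
}

// NewTicketKey wraps bytes handed in by whatever distributes keys to the
// cluster (assumed external to the TLS stack) into a TicketKey.
func NewTicketKey(name, key []byte) (TicketKey, error) {
	var k TicketKey
	if len(name) != keyNameLen || len(key) != aesKeyLen {
		return k, fmt.Errorf("ticket key: want %d-byte name and %d-byte key", keyNameLen, aesKeyLen)
	}
	copy(k.Name[:], name)
	copy(k.AES[:], key)
	return k, nil
}

// KeyRing keeps the sealing key at index 0 plus up to maxOld previous keys
// that are still accepted when opening, covering the rotation overlap.
type KeyRing struct {
	keys   []TicketKey
	maxOld int
}

func NewKeyRing(current TicketKey, maxOld int) *KeyRing {
	return &KeyRing{keys: []TicketKey{current}, maxOld: maxOld}
}

// Rotate makes next the sealing key and drops keys beyond the overlap window.
func (r *KeyRing) Rotate(next TicketKey) {
	r.keys = append([]TicketKey{next}, r.keys...)
	if len(r.keys) > r.maxOld+1 {
		r.keys = r.keys[:r.maxOld+1]
	}
}

func (r *KeyRing) lookup(name []byte) (int, *TicketKey) {
	for i := range r.keys {
		if string(r.keys[i].Name[:]) == string(name) {
			return i, &r.keys[i]
		}
	}
	return -1, nil
}

func newGCM(k *TicketKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k.AES[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal produces key_name || nonce || AES-256-GCM(state). key_name is bound
// as associated data, so relabelling a ticket with another key's name fails.
func (r *KeyRing) Seal(state []byte) ([]byte, error) {
	k := &r.keys[0]
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	var nonce [gcmNonceLen]byte
	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
		return nil, err
	}
	ticket := make([]byte, 0, keyNameLen+gcmNonceLen+len(state)+aead.Overhead())
	ticket = append(ticket, k.Name[:]...)
	ticket = append(ticket, nonce[:]...)
	return aead.Seal(ticket, nonce[:], state, k.Name[:]), nil
}

// Open recovers the state. renew is true when the ticket was sealed under a
// key that is no longer current, so the server should hand back a fresh one.
// An unknown key_name is not an attack: the client outlived the overlap
// window and simply gets a full handshake.
func (r *KeyRing) Open(ticket []byte) (state []byte, renew bool, err error) {
	if len(ticket) < keyNameLen+gcmNonceLen {
		return nil, false, ErrBadTicket
	}
	idx, k := r.lookup(ticket[:keyNameLen])
	if k == nil {
		return nil, false, ErrUnknownKey
	}
	aead, err := newGCM(k)
	if err != nil {
		return nil, false, err
	}
	nonce := ticket[keyNameLen : keyNameLen+gcmNonceLen]
	state, err = aead.Open(nil, nonce, ticket[keyNameLen+gcmNonceLen:], k.Name[:])
	if err != nil {
		return nil, false, ErrBadTicket
	}
	return state, idx > 0, nil
}

// fixedKey builds a constructed demo key; real keys come from the key distributor.
func fixedKey(b byte) []byte {
	k := make([]byte, aesKeyLen)
	for i := range k {
		k[i] = b
	}
	return k
}

func main() {
	kA, _ := NewTicketKey([]byte("key-2014-10-20-A"), fixedKey(0xA1))
	kB, _ := NewTicketKey([]byte("key-2014-10-21-B"), fixedKey(0xB2))
	ring := NewKeyRing(kA, 1) // accept one previous key after each rotation
	state := []byte("constructed session state: master secret, ciphersuite, ...")
	tk, err := ring.Seal(state)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ticket is %d bytes for %d bytes of state\n", len(tk), len(state))
	ring.Rotate(kB)
	if s, renew, err := ring.Open(tk); err == nil {
		fmt.Printf("ticket from previous key still opens (renew=%v): %q\n", renew, s)
	}
}
```

The point of the ring is exactly the separation Viktor draws: the ciphersuite a client negotiated never reaches the ticket code, and the only thing the external rotation tooling has to deliver to every server is the current 48-byte name-plus-key pair and its predecessor.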