Re: [TLS] CCS and key reset and renegotiation

"Salz, Rich" <rsalz@akamai.com> Fri, 06 June 2014 15:29 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBB381A0173 for <tls@ietfa.amsl.com>; Fri, 6 Jun 2014 08:29:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level:
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XYtuwceFU5cj for <tls@ietfa.amsl.com>; Fri, 6 Jun 2014 08:29:09 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id 687471A010D for <tls@ietf.org>; Fri, 6 Jun 2014 08:29:09 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 8CDF3165615; Fri, 6 Jun 2014 15:29:02 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id 81DCB165611; Fri, 6 Jun 2014 15:29:02 +0000 (GMT)
Received: from usma1ex-cashub.kendall.corp.akamai.com (usma1ex-cashub7.kendall.corp.akamai.com [172.27.105.23]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id 547781E045; Fri, 6 Jun 2014 15:29:02 +0000 (GMT)
Received: from USMBX1.msg.corp.akamai.com ([172.27.107.26]) by usma1ex-cashub7.kendall.corp.akamai.com ([172.27.105.23]) with mapi; Fri, 6 Jun 2014 11:29:01 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 6 Jun 2014 11:29:01 -0400
Thread-Topic: [TLS] CCS and key reset and renegotiation
Thread-Index: Ac+Bm6yCmyfsGt2PREKfO7WuMZOr3wAAB7fw
Message-ID: <2A0EFB9C05D0164E98F19BB0AF3708C7130F434DAB@USMBX1.msg.corp.akamai.com>
References: <9A043F3CF02CD34C8E74AC1594475C738DEC335D@uxcn10-tdc06.UoA.auckland.ac.nz> <2A0EFB9C05D0164E98F19BB0AF3708C7130F434D72@USMBX1.msg.corp.akamai.com> <CACsn0c=LOaTQSHxUK_Aznbw1rcC7sfcDi9c4LiFKExtajCwehg@mail.gmail.com>
In-Reply-To: <CACsn0c=LOaTQSHxUK_Aznbw1rcC7sfcDi9c4LiFKExtajCwehg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_2A0EFB9C05D0164E98F19BB0AF3708C7130F434DABUSMBX1msgcorp_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/HUIdJdClQ5qW1M8wL_BtRxPLPdI
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] CCS and key reset and renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 15:29:12 -0000

I guess, pedantically, the appdata is a loop.  But renegotiation is going away, and I need to think about resumption a bit.

Perhaps Peter, when he sees these notes in his timezone, can comment.

                /r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me<mailto:rsalz@jabber.me>; Twitter: RichSalz

From: Watson Ladd [mailto:watsonbladd@gmail.com]
Sent: Friday, June 06, 2014 11:26 AM
To: Salz, Rich
Cc: Peter Gutmann; tls@ietf.org
Subject: Re: [TLS] CCS and key reset and renegotiation


There is a loop! When receiving application data the state doesn't advance.

Also renegotiation loops, as does resumption.

As for the ladder diagram, early in the RFC there is one.

On Fri, Jun 6, 2014 at 7:46 AM, Salz, Rich <rsalz@akamai.com<mailto:rsalz@akamai.com>> wrote:
> So, of course, a ladder is a state machine where there's no going backward or loops. That means that it's simpler, right?
>
> Perhaps someone can go to https://www.websequencediagrams.com and sketch it out?
>
> /r$
>
> --
> Principal Security Engineer
> Akamai Technologies, Cambridge, MA
> IM: rsalz@jabber.me<mailto:rsalz@jabber.me>; Twitter: RichSalz
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org<mailto:TLS@ietf.org>
> https://www.ietf.org/mailman/listinfo/tls

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin