Re: [TLS] WGLC: draft-ietf-tls-session-hash

Eric Rescorla <ekr@rtfm.com> Thu, 15 January 2015 23:29 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D43981A9089 for <tls@ietfa.amsl.com>; Thu, 15 Jan 2015 15:29:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gYjnNzG9Trtd for <tls@ietfa.amsl.com>; Thu, 15 Jan 2015 15:29:43 -0800 (PST)
Received: from mail-wg0-f41.google.com (mail-wg0-f41.google.com [74.125.82.41]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A0491A9087 for <tls@ietf.org>; Thu, 15 Jan 2015 15:29:43 -0800 (PST)
Received: by mail-wg0-f41.google.com with SMTP id l18so17810530wgh.0 for <tls@ietf.org>; Thu, 15 Jan 2015 15:29:42 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=52Cyu7Z7RfYZTsMdo9geCOQ6Utx0e6BM67AIaxyki08=; b=Pc1lc2M1xGTo0jWkF0ILhTGH3ak1byvQbqY0rJ4Z8cB5f+QJgFiAm+ZXIczRagi70A 81S5+2urz4r5hownVVb+OPhLzOG0xd+rxnGBuuxU6hQY/3sBRIGtiNBe0Hq6Vvpe7XB3 NoHTMLALjNmJkuvMpD4ecIE9BQ7LZf55vlydp3rf3s0zKebUCvGT6y+a+EzXojo7dg74 YlnhlVs/bXLZlJbm5zVt0CAYg/NYo5Bc34dDqjroEe0PhayOsb6BrLNWR1jOxbj9tOzD kHMsRABJJg/HKWn0ReCqBEEpFQuFvA7LQvnNnJfECgSW5tSVqBPAP0sfKn7RUn3dLR5z nY+A==
X-Gm-Message-State: ALoCoQk6KuxToAnUg6Aggu8i49LwN4mtt8l+625EN7kCTCXXLaB87bkJZtncfE2GYWlm/d0s8sf/
X-Received: by 10.194.203.104 with SMTP id kp8mr18584622wjc.103.1421364582059; Thu, 15 Jan 2015 15:29:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.27.142.215 with HTTP; Thu, 15 Jan 2015 15:29:01 -0800 (PST)
In-Reply-To: <CABkgnnVQADSJ-daymDCRLLUf8Rv69CFc3fZB3eJzgYRaYisTPQ@mail.gmail.com>
References: <E3E12F78-101D-4BA8-9EFB-53C24362066E@ieca.com> <62165FC2-540D-48A5-A7AC-3D6D9087FDD2@gmail.com> <B773EC7F-9CE8-4A23-AE53-9F2D4264B4F2@pahtak.org> <75C82EF9-8800-453F-A489-10FD26E7F2CD@gmail.com> <CABcZeBMGkhaB4QW914A8cZjgGvnzXN-7Q9pYWWdgitcZzpSYeg@mail.gmail.com> <CABkgnnVQADSJ-daymDCRLLUf8Rv69CFc3fZB3eJzgYRaYisTPQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 15 Jan 2015 15:29:01 -0800
Message-ID: <CABcZeBM0tr4UF80Nz2Stmj74yPpPja30erpHd6YOtvx6gOd2nw@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="047d7bae493e02a864050cb93b97"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/HgBWWIYgX8CwHSSGZLvnlY85aRo>
Cc: Stephen Checkoway <s@pahtak.org>, "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] WGLC: draft-ietf-tls-session-hash
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jan 2015 23:29:45 -0000

On Thu, Jan 15, 2015 at 3:21 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 15 January 2015 at 14:51, Eric Rescorla <ekr@rtfm.com> wrote:
> > For sessions negotiated without EMS:
> > - SHOULD not resume
> > - MUST not resume sessions if the client offers EMS in the resumption
> >   (and therefore SHOULD do a complete negotiation).
> >
> > For sessions negotiated with EMS:
> > - The client ??? offer EMS
> > - The server MUST NOT echo it?
>
> Just to be clear, this latter part is...when renegotiating.
>

When resuming, right?




> My preference is: if the session had EMS, when renegotiating:
>  - the client MUST offer the extension, and
>  - the server MUST fail the handshake (new alert needed?) if the
> extension isn't present.
>
> That means no resumption, OR fallback to the complete handshake.
>
> I think that I'd prefer to have the server echo the extension in this
> case too.  It's a few bytes effectively wasted, but it makes
> everything nice and symmetrical.  Clients says "I want EMS" and server
> says "you got EMS".
>

I could live with this as well.

-Ekr