Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

Yoav Nir <ynir.ietf@gmail.com> Wed, 23 November 2016 13:39 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <91F6F914-17FB-4543-B916-F1829267B168@gmail.com>
Date: Wed, 23 Nov 2016 15:39:38 +0200
In-Reply-To: <D45B2AE4.55950%john.mattsson@ericsson.com>
To: John Mattsson <john.mattsson@ericsson.com>
References: <62B88142-2DBE-439F-AD4A-309053925794@sn3rd.com> <7462904085cc4a94914298af81157031@usma1ex-dag1mb1.msg.corp.akamai.com> <7de8f9da-8ab1-cfc2-00ad-9c91c7694174@gmail.com> <8394bafcd99344838d878b5e8cf5b524@usma1ex-dag1mb1.msg.corp.akamai.com> <8262a7bf-6c19-0a23-9d0b-8f59344444aa@gmail.com> <D45B2AE4.55950%john.mattsson@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HzKXebMwsm1BWInuvSkQC_7rJ3c>
Cc: "<tls@ietf.org>" <tls@ietf.org>

> On 23 Nov 2016, at 12:22, John Mattsson <john.mattsson@ericsson.com> wrote:
> 
> On 2016-11-21, 06:31, "TLS on behalf of Yaron Sheffer"
> <tls-bounces@ietf.org on behalf of yaronf.ietf@gmail.com> wrote:
> 
>> So the key schedule changed and therefore we think cross-version attacks
>> are impossible. Have we also analyzed other protocols to ensure that
>> cross protocol attacks, e.g. with SSH or IPsec, are out of the question?
>> 
>> Put differently, algorithm designers gave us a cheap, easy to use tool
>> to avoid a class of potential attacks. Why are we insisting on not using
>> it?
> 
> Unless someone points out any major disadvantages with using a context, I
> agree with Yaron.

I’m not even sure what my position is on this. Specifying the use of a context here goes against the recommendation in the CFRG draft:

      Contexts SHOULD NOT be used opportunistically, as that kind of use
      is very error-prone.  If contexts are used, one SHOULD require all
      signature schemes available for use in that purpose support
      contexts.

If someone knows why this recommendation was made, that would be great.

However, three working groups are currently faced with this same decision: TLS, IPsecME and Curdle. I think it would be weird if these three groups came up with different answers to what is essentially the same question. At least for TLS and IKE there are no operational differences either.

So Curdle, I’ve been told, is leaning towards empty context for Ed448 and no OID for Ed25519ctx. IPsecME has a thread similar to this one (with similar participants…)

Yoav
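As an added illustration that is not part of this thread or of any draft it discusses, the following Python implements RFC 8032 Ed25519 and Ed25519ctx from scratch (pure Python, variable-time, for teaching only) and shows concretely what the context argument buys: the same key signing the same bytes under different contexts yields signatures that verify only under the context they were made with. It also shows that "no context" (plain Ed25519, empty domain string) and "empty context" (Ed25519ctx with a zero-length context, which still carries the dom2 prefix) are distinct hash inputs, which is the distinction behind the "empty context for Ed448" remark above. The context labels in `CONTEXTS` are constructed for the demo and are not the strings any protocol standardized; the key and signature values in the test are the RFC 8032 test vectors.

```python
import hashlib

# Constructed teaching implementation of Ed25519 / Ed25519ctx (RFC 8032, Section 5.1).
# Pure Python and not constant-time; it exists only to show how a context string is
# folded into the signature hash and why that separates one protocol's signatures
# from another's. Do not use for real keys.

p = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493  # group order
d = (-121665 * pow(121666, p - 2, p)) % p              # curve constant

def _recover_x(y, sign):
    """Solve x^2 = (y^2 - 1) / (d*y^2 + 1) with the requested parity; None if no root."""
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    if (x * x - x2) % p:
        return None
    return p - x if (x & 1) != sign else x

_By = 4 * pow(5, p - 2, p) % p
_Bx = _recover_x(_By, 0)
G = (_Bx, _By, 1, _Bx * _By % p)                       # base point, extended coordinates

def _add(P, Q):
    """Point addition in extended twisted Edwards coordinates (RFC 8032 5.1.4)."""
    A = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    B = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    C = 2 * P[3] * Q[3] * d % p
    D = 2 * P[2] * Q[2] % p
    E, F, Gx, H = B - A, D - C, D + C, B + A
    return (E * F % p, Gx * H % p, F * Gx % p, E * H % p)

def _mul(s, P):
    Q = (0, 1, 1, 0)                                   # neutral element
    while s:
        if s & 1:
            Q = _add(Q, P)
        P = _add(P, P)
        s >>= 1
    return Q

def _equal(P, Q):
    return (P[0] * Q[2] - Q[0] * P[2]) % p == 0 and (P[1] * Q[2] - Q[1] * P[2]) % p == 0

def _compress(P):
    zi = pow(P[2], p - 2, p)
    x, y = P[0] * zi % p, P[1] * zi % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decompress(b):
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    if y >= p:
        return None
    x = _recover_x(y, sign)
    return None if x is None else (x, y, 1, x * y % p)

def _h(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def _dom2(ctx):
    """Domain separator: empty for plain Ed25519, dom2(0, ctx) for Ed25519ctx."""
    if ctx is None:
        return b""
    if len(ctx) > 255:
        raise ValueError("context must be at most 255 bytes")
    return b"SigEd25519 no Ed25519 collisions" + bytes([0, len(ctx)]) + ctx

def _expand(secret):
    h = hashlib.sha512(secret).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:]

def public_key(secret):
    a, _ = _expand(secret)
    return _compress(_mul(a, G))

def sign(secret, msg, ctx=None):
    """ctx=None -> Ed25519; ctx=bytes (even b"") -> Ed25519ctx with that context."""
    dom = _dom2(ctx)
    a, prefix = _expand(secret)
    A = _compress(_mul(a, G))
    r = _h(dom, prefix, msg) % L
    R = _compress(_mul(r, G))
    k = _h(dom, R, A, msg) % L
    return R + ((r + k * a) % L).to_bytes(32, "little")

def verify(pub, msg, sig, ctx=None):
    if len(pub) != 32 or len(sig) != 64:
        return False
    A, R = _decompress(pub), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= L:
        return False
    k = _h(_dom2(ctx), sig[:32], pub, msg) % L
    return _equal(_mul(s, G), _add(R, _mul(k, A)))

# Constructed context labels standing in for distinct deployments; not standardized strings.
CONTEXTS = {"plain": None, "empty": b"", "tls": b"demo-TLS", "ike": b"demo-IKEv2"}

def context_separation(secret, msg):
    """Sign msg once per context; return which (signed-as, checked-as) pairs verify."""
    pub = public_key(secret)
    sigs = {name: sign(secret, msg, c) for name, c in CONTEXTS.items()}
    return {(a, b): verify(pub, msg, sigs[a], CONTEXTS[b]) for a in CONTEXTS for b in CONTEXTS}
```

`context_separation` returns `True` only on the diagonal: a signature produced for one deployment is rejected by a verifier expecting any other, including the plain-Ed25519 and empty-context cases, because the domain string is hashed into both the nonce and the challenge.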