Re: [TLS] Finished stuffing
Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 09 September 2016 20:19 UTC
Date: Fri, 09 Sep 2016 23:19:03 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/I0rvVkgU08q8n2dzo6P9N_QxiGM>
Cc: "tls@ietf.org" <tls@ietf.org>

On Fri, Sep 09, 2016 at 02:50:59PM -0500, Benjamin Kaduk wrote:
> I made a few notes on the pull request. Generally, I support the
> change, but I get the sense that it may aid the cryptographic properties
> if we keep the resumption_context and do not overload the resumption_psk
> as much.

One problem with this is that authentication_methods can include
nontrivial methods even for "static" PSKs, and if server takes such
method, you have an attack unless you bind the PSK secret used. And
"static" PSKs don't have resumption_context.

And I would expect that someone will be crazy enough to try to
provision "static" PSK with the information required to perform
0-RTT (ALPN (or indication there is none) and associated cipher)...

> I have a slight (i.e., unjustified) preference for doing
> ClientHello-with-block-of-zeros rather than prefix-of-ClientHello. (Is
> there a reason to require this extension to be the last one with
> block-of-zeros? Clearly there is for prefix-of-ClientHello.)

What about the case where client tries DHE-PSK and gets attempt
rejected because of missing group (or because address verification)?
0-RTT is gone yes, but the PSK attempt isn't. What happens to the
hash in this case?

-Ilari