Re: [TLS] Fwd: Kill Finished (and other tricks for hardware)

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 18 April 2014 15:36 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/J7dbnhCE_Ddzk4hVj6Oynyml4B4

On Fri, Apr 18, 2014 at 07:58:17AM -0700, Watson Ladd wrote:
>
> Is channel binding really necessary in TLS? I agree key extractors
> are, but I think the cases where TLS is layered on encrypted channels
> are pretty rare. Of course if TCPcrypt becomes more common this will
> change. But I don't see how to do a key confirmation and 1-RTT in the
> same handshake: we may end up with options, and then have to be very,
> very careful in hashing the handshake. Chalk this up to me neglecting
> a use case.

AFAIK, this isn't about binding TLS to something underneath, but about
binding something over TLS into the TLS.

Naively, one would expect signing a value from TLS-extractor to provide
channel binding.

Currently this does not hold because:
- Non-FS key exchanges.
- FS key exchanges not binding DH public keys into master secret
  (allows MITM to play games resulting in the same MS on both sides).


And yes, if there is TCPCrypt running, that's a whole other ballgame.


-Ilari
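
Added example, not part of the original message: a Python sketch of why a TLS-extractor value only identifies a connection if the master secret covers the handshake. It compares the TLS 1.2 master secret derivation (RFC 5246) with one bound to a transcript hash (the approach RFC 7627 later standardised); the randoms, premaster secret, transcripts and exporter label are constructed sample values.

```python
import hashlib
import hmac

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def classic_ms(pms: bytes, cr: bytes, sr: bytes) -> bytes:
    # Depends only on the premaster secret and the two randoms.
    return prf(pms, b"master secret", cr + sr, 48)

def bound_ms(pms: bytes, transcript: bytes) -> bytes:
    # Depends on a hash of everything exchanged in the handshake.
    session_hash = hashlib.sha256(transcript).digest()
    return prf(pms, b"extended master secret", session_hash, 48)

def session_exporter(pms, cr, sr, transcript, bound: bool, n: int = 32) -> bytes:
    # RFC 5705 exporter without context; the label is a constructed one.
    ms = bound_ms(pms, transcript) if bound else classic_ms(pms, cr, sr)
    return prf(ms, b"EXPERIMENTAL binding demo", cr + sr, n)

# Constructed sample values, not taken from any real handshake.
CR, SR = bytes(range(32)), bytes(range(32, 64))
PMS = b"\x03\x03" + bytes(range(100, 146))
# Two handshakes that share randoms and premaster secret but in which the
# peer presented different certificates (transcripts heavily simplified).
TRANSCRIPT_A = CR + SR + b"certificate: intermediary"
TRANSCRIPT_B = CR + SR + b"certificate: intended server"

def compare() -> tuple:
    """Return (classic exporters equal?, transcript-bound exporters equal?)."""
    classic_a = session_exporter(PMS, CR, SR, TRANSCRIPT_A, bound=False)
    classic_b = session_exporter(PMS, CR, SR, TRANSCRIPT_B, bound=False)
    bound_a = session_exporter(PMS, CR, SR, TRANSCRIPT_A, bound=True)
    bound_b = session_exporter(PMS, CR, SR, TRANSCRIPT_B, bound=True)
    # Equal classic values mean a signature over the exporter output fits
    # either connection, so it cannot serve as a channel binding.
    return (classic_a == classic_b, bound_a == bound_b)

if __name__ == "__main__":
    print(compare())
```
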