Re: [TLS] Fwd: Kill Finished (and other tricks for hardware)
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 18 April 2014 15:36 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 178511A03F7 for <tls@ietfa.amsl.com>; Fri, 18 Apr 2014 08:36:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LExHpnRBEgTn for <tls@ietfa.amsl.com>; Fri, 18 Apr 2014 08:36:40 -0700 (PDT)
Received: from emh04.mail.saunalahti.fi (emh04.mail.saunalahti.fi [62.142.5.110]) by ietfa.amsl.com (Postfix) with ESMTP id ADD4F1A041D for <tls@ietf.org>; Fri, 18 Apr 2014 08:36:38 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id DA8171A2623; Fri, 18 Apr 2014 18:36:32 +0300 (EEST)
Date: Fri, 18 Apr 2014 18:36:31 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <20140418153631.GA29018@LK-Perkele-VII>
References: <CACsn0cm7CU3HBOY-m90+HwGBuw+nZ7vyqRdHZcfDjw7wiTmDMw@mail.gmail.com> <CAK3OfOiEAWto9qrrJbVzZRgk++6tR-im=RFk4bxjD52ZE5FMWg@mail.gmail.com> <CACsn0cmmtg4Q_hf2jccvwps1b67pVM+wDrraZFPX5fB1C5b=Eg@mail.gmail.com> <CAK3OfOgjcNXrLygba_GLTbV_A1bktFtT_qyee-HRLyL0DPs0ug@mail.gmail.com> <CACsn0c=ADD_Lf__2XHSZWpA8037RiayS4MQpJy-9LqA5qbXmTQ@mail.gmail.com> <CACsn0ckE4dXrGi7_5U23SQk3BjrOCADuE8gabp2wVW4xbgN-0g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CACsn0ckE4dXrGi7_5U23SQk3BjrOCADuE8gabp2wVW4xbgN-0g@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/J7dbnhCE_Ddzk4hVj6Oynyml4B4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fwd: Kill Finished (and other tricks for hardware)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2014 15:36:42 -0000
On Fri, Apr 18, 2014 at 07:58:17AM -0700, Watson Ladd wrote: > > Is channel binding really necessary in TLS? I agree key extractors > are, but I think the cases where TLS is layered on encrypted channels > are pretty rare. Of course if TCPcrypt becomes more common this will > change. But I don't see how to do a key confirmation and 1-RTT in the > same handshake: we may end up with options, and then have to be very, > very careful in hashing the handshake. Chalk this up to me neglecting > a usecase. AFAIK, This isn't about binding TLS to something underneath, but about binding something over TLS into the TLS. Naively, one would expect signing a value from TLS-extractor to provode channel binding. Currently this does not hold because: - Non-FS key exchanges. - FS key exchanges not binding DH public keys into master secret (allows MITM to play games resulting same MS on both sides). And yes, if there is TCPCrypt running, that's whole another ballgame. -Ilari
- [TLS] Kill Finished (and other tricks for hardwar… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Nico Williams
- Re: [TLS] Kill Finished (and other tricks for har… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Eric Rescorla
- Re: [TLS] Kill Finished (and other tricks for har… Nico Williams
- Re: [TLS] Kill Finished (and other tricks for har… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Michael D'Errico
- Re: [TLS] Kill Finished (and other tricks for har… Michael StJohns
- [TLS] Fwd: Kill Finished (and other tricks for ha… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Watson Ladd
- Re: [TLS] Kill Finished (and other tricks for har… Henrick Hellström
- Re: [TLS] Fwd: Kill Finished (and other tricks fo… Ilari Liusvaara
- Re: [TLS] Kill Finished (and other tricks for har… Michael StJohns
- Re: [TLS] Kill Finished (and other tricks for har… Andy Lutomirski
- [TLS] Constant Finished (was Re: Kill Finished) Michael D'Errico
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Martin Thomson
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael D'Errico
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Martin Thomson
- Re: [TLS] Kill Finished (and other tricks for har… Henrick Hellström
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael Procter
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael Procter
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael StJohns
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Watson Ladd
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Martin Thomson
- Re: [TLS] Constant Finished (was Re: Kill Finishe… Michael StJohns