IETF Logo Mail Archive

Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)

Aaron Zauner <azet@azet.org> Mon, 09 March 2015 21:52 UTC

Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D241A0196 for <tls@ietfa.amsl.com>; Mon, 9 Mar 2015 14:52:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NqaPmaf9AjxD for <tls@ietfa.amsl.com>; Mon, 9 Mar 2015 14:52:27 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F7341A8AAB for <tls@ietf.org>; Mon, 9 Mar 2015 14:52:27 -0700 (PDT)
Received: by wivr20 with SMTP id r20so25262886wiv.5 for <tls@ietf.org>; Mon, 09 Mar 2015 14:52:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=UchZMKOixMum/tW6Q/iRTa59syUSnsyQ6FB69/3XCnM=; b=ZLNelKRvP6vUU65QGihVeiAHl8oF5ZMmC16mbGe0KzDp89vHBehAWVFFwlzh0M9IWc pkfisi6RCgihZvlLTgIglgeGynU+sVLuN2JvUiLF7TKmdz6ZoKeHXUIC5Nxv/ums37/i nnlqQ4B7UgCru1D+ci+oOBCUcnkAsGvV39kUvM5ZsAmw1DosJpP+IvnfWiBxdTgBkhoq tVdN/i3jyUxlmp0YvB3TQMUHZ7ge4g60Fupkq1ixajd3Kxnm2izGEKDMmyFHoSw0HRQx n0mgPu5u45TgiYU0haGdilsBvcExRHStsAnFDaLNCXiXKO8vpQPcqyZlZ0rTnjxIthff fT1Q==
X-Gm-Message-State: ALoCoQnV0ZEzAJpWOK+f3JcJgEtkdGx22x2Bjc07XICWCfqbE9BvFf0+KkgVV7NJgaNt8F2HUsAH
X-Received: by 10.180.77.19 with SMTP id o19mr42331903wiw.90.1425937946353; Mon, 09 Mar 2015 14:52:26 -0700 (PDT)
Received: from [10.0.0.142] (chello080108032135.14.11.univie.teleweb.at. [80.108.32.135]) by mx.google.com with ESMTPSA id nd15sm977040wic.8.2015.03.09.14.52.24 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 09 Mar 2015 14:52:25 -0700 (PDT)
Message-ID: <54FE1615.7070002@azet.org>
Date: Mon, 09 Mar 2015 22:52:21 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Dave Garrett <davemgarrett@gmail.com>
References: <65D2FD736B6B2B48B2EAD2BD189DC9CC270CA949@LLE2K10-MBX01.mitll.ad.local> <201503091610.23008.davemgarrett@gmail.com> <54FE0CAC.1040504@azet.org> <201503091739.45205.davemgarrett@gmail.com>
In-Reply-To: <201503091739.45205.davemgarrett@gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig4C674EBC43FEFDD39D21BFE9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/JB8hi3it_DHq5EvEMqhxSEJ2MBo>
Cc: Stephen Checkoway <s@pahtak.org>, tls@ietf.org
Subject: Re: [TLS] MTI policy & practice (Was: Re: Comments on various things on agenda)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2015 21:52:29 -0000

Hi Dave,

Dave Garrett wrote:
> It's the difference between an implementation supporting the cipher and the deployment enabling the cipher. A connection proposing a cipher list without the MTI is still considered valid. One proposing without an MTD is essentially a protocol error.
> 
> We have three decision sets in TLS:
> 
> 1) IETF TLS WG RFC -> The Specification
> 2) Software implementing #1 -> The Implementation
> 3) Administrators configuring #2 on their servers -> The Deployment

Thanks for clearing this up. This should be explained in case it ends up
in the I-D.

> 
> What I'm proposing is essentially two MTI, with one that implementations are not allowed to disable. If you want to be really strict, endpoints could reject connections that do not propose the MTD, regardless of what's negotiated (but that has risks if the MTD needs revoking).
> 

I'm fine with that.

> Not a bad idea. However, the more that is proposed, the higher risk of some implementation deciding to ignore something. (though, this assumption may not be true anymore)

I think the crypto community is pretty confident in AES. That being
said, different AEAD constructions would make sense in case there is new
research suggesting security issues with one of both. Be it MTI or MTD.

> I think finalizing the TLS 1.3 spec prior to finalized CFRG specifications would be a bad idea. Hopefully they're almost done arguing.
> 

:)

Aaron

v2.23.0 | Report a Bug | By Email