Re: [TLS] the idea of using multiple keys with multiple certificate authorities in a TLS session.

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 06 February 2015 16:32 UTC


On Thu, Feb 05, 2015 at 12:47:17PM +0330, Shahin Noursalehi wrote:
> Dear Sir/Madam,
> 
> Refer to discussions around TLS 1.3 in LinkedIn group "Cryptographers
> and Cryptanalysts", contributor experts agree on the idea of using
> multiple keys with multiple certificate authorities in a TLS session.
> So if one certificate authority is compromised hopefully the others
> are not. The suggested solution would be like the process below:
> 
> Refer to the way that TLS generates the *master_secret*:
> 
> master_secret = PseudoRandomFunction(pre_master_secret, "master
> secret", ClientHello.random + ServerHello.random)

TLS 1.3 fixed a mistake (security problem) in this; it is now:

master_secret = PRF(pre_master_secret, "handshake master secret",
hash(handshake))

> We could generate multiple peer-to-peer pre_master_secret(s) for each
> public-key that we receive from the server and XOR them all together.
> So, our offered method of calculation of master_secret will convert
> to:

You don't need multiple premaster secrets. One could just end the
certificate chains in a common host key. This way one only needs a
new certificate format and no other changes to TLS. It would also
work in earlier versions.

Of course, it seems doubtful to me that multiple certificate
chains are useful.


-Ilari
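
The two master_secret derivations quoted in the message above, side by side, as an added example that is not part of the original message or of any TLS implementation. It assumes the TLS 1.2 PRF (P_SHA256, RFC 5246 section 5) for "PRF" and SHA-256 for "hash"; the function names and all handshake bytes are constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret_from_randoms(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Older derivation: only the two hello randoms are mixed in.
    return prf(pms, b"master secret", client_random + server_random)


def master_secret_from_transcript(pms: bytes, handshake: bytes) -> bytes:
    # Derivation quoted in the reply: the seed is a hash over the handshake messages.
    return prf(pms, b"handshake master secret", hashlib.sha256(handshake).digest())


def compare_two_handshakes():
    """Two constructed handshakes: same premaster secret and randoms, different certificate."""
    pms = bytes(range(48))       # constructed premaster secret
    client_random = b"\x01" * 32  # constructed
    server_random = b"\x02" * 32  # constructed
    # Stand-ins for the concatenated handshake messages of each session.
    handshake_a = client_random + server_random + b"Certificate: host-a.example"
    handshake_b = client_random + server_random + b"Certificate: host-b.example"
    old_equal = (master_secret_from_randoms(pms, client_random, server_random)
                 == master_secret_from_randoms(pms, client_random, server_random))
    new_equal = (master_secret_from_transcript(pms, handshake_a)
                 == master_secret_from_transcript(pms, handshake_b))
    return old_equal, new_equal


if __name__ == "__main__":
    old_equal, new_equal = compare_two_handshakes()
    print("randoms-only derivation gives the same master_secret:", old_equal)
    print("transcript-hash derivation gives the same master_secret:", new_equal)
```

With the randoms-only seed, the certificate presented in the handshake has no influence on master_secret; with the transcript hash as seed, any difference in the handshake messages yields a different master_secret.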