Re: [TLS] Remove 0-RTT client auth
Russ Housley <housley@vigilsec.com> Mon, 22 February 2016 00:02 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E2F1A6F7A for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 16:02:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level:
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id om_tEwq3PmWG for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 16:02:25 -0800 (PST)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6A22C1A1EF7 for <tls@ietf.org>; Sun, 21 Feb 2016 16:02:25 -0800 (PST)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 3C7A1F9C013 for <tls@ietf.org>; Sun, 21 Feb 2016 19:02:25 -0500 (EST)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id wCeZaeSOaaqX for <tls@ietf.org>; Sun, 21 Feb 2016 19:01:01 -0500 (EST)
Received: from [172.25.1.3] (rrcs-67-52-140-5.west.biz.rr.com [67.52.140.5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 71488F9C00F for <tls@ietf.org>; Sun, 21 Feb 2016 19:02:12 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary="Apple-Mail-82-1050761322"
Date: Sun, 21 Feb 2016 19:02:10 -0500
In-Reply-To: <BLUPR03MB13969A66CED53C71975A9D468CA20@BLUPR03MB1396.namprd03.prod.outlook.com>
To: IETF TLS <tls@ietf.org>
References: <CABkgnnWy3anGeLZ2a=EH+O2f4PnScJPGdBdEOkA7EmE+jgZ1pg@mail.gmail.com> <CABcZeBNnSozZvs78tcCTff+_5X23i6TnHTBLgq-mHJaCs=QkKA@mail.gmail.com> <BLUPR03MB13969A66CED53C71975A9D468CA20@BLUPR03MB1396.namprd03.prod.outlook.com>
Message-Id: <2CF222FD-7288-4952-B53D-F3ADE131596C@vigilsec.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Jm5mTZgOWNrj6POWjCD3-lAhfQA>
Subject: Re: [TLS] Remove 0-RTT client auth
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2016 00:02:26 -0000
+1 On Sun, Feb 21, 2016 at 11:31 AM, Martin Thomson <martin.thomson@gmail.com> wrote: I'm sitting here in TRON listening to Karthik describe all the various ways in which client authentication in 0-RTT is bad. I'm particularly sympathetic to the perpetual impersonation attack that arises when the client's ephemeral key is compromised. We originally thought that we might want to do this for WebRTC/real-time. As it so happens, we have an alternative design that doesn't need this, so... I propose that we remove client authentication from 0-RTT. This should simplify the protocol considerably. https://github.com/tlswg/tls13-spec/issues/420 [1] Compromising the server's long term key has the same impact, but that's interesting for other, worse reasons.
- [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Eric Rescorla
- Re: [TLS] Remove 0-RTT client auth Cedric Fournet
- Re: [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Eric Rescorla
- Re: [TLS] Remove 0-RTT client auth Adam Langley
- Re: [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Eric Rescorla
- Re: [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Andrei Popov
- Re: [TLS] Remove 0-RTT client auth Russ Housley
- Re: [TLS] Remove 0-RTT client auth Ilari Liusvaara
- Re: [TLS] Remove 0-RTT client auth Martin Thomson