IETF Logo Mail Archive

Re: [TLS] Remove 0-RTT client auth

Russ Housley <housley@vigilsec.com> Mon, 22 February 2016 00:02 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E2F1A6F7A for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 16:02:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level:
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id om_tEwq3PmWG for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 16:02:25 -0800 (PST)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6A22C1A1EF7 for <tls@ietf.org>; Sun, 21 Feb 2016 16:02:25 -0800 (PST)
Received: from localhost (unknown [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 3C7A1F9C013 for <tls@ietf.org>; Sun, 21 Feb 2016 19:02:25 -0500 (EST)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id wCeZaeSOaaqX for <tls@ietf.org>; Sun, 21 Feb 2016 19:01:01 -0500 (EST)
Received: from [172.25.1.3] (rrcs-67-52-140-5.west.biz.rr.com [67.52.140.5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 71488F9C00F for <tls@ietf.org>; Sun, 21 Feb 2016 19:02:12 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: multipart/alternative; boundary="Apple-Mail-82-1050761322"
Date: Sun, 21 Feb 2016 19:02:10 -0500
In-Reply-To: <BLUPR03MB13969A66CED53C71975A9D468CA20@BLUPR03MB1396.namprd03.prod.outlook.com>
To: IETF TLS <tls@ietf.org>
References: <CABkgnnWy3anGeLZ2a=EH+O2f4PnScJPGdBdEOkA7EmE+jgZ1pg@mail.gmail.com> <CABcZeBNnSozZvs78tcCTff+_5X23i6TnHTBLgq-mHJaCs=QkKA@mail.gmail.com> <BLUPR03MB13969A66CED53C71975A9D468CA20@BLUPR03MB1396.namprd03.prod.outlook.com>
Message-Id: <2CF222FD-7288-4952-B53D-F3ADE131596C@vigilsec.com>
X-Mailer: Apple Mail (2.1085)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Jm5mTZgOWNrj6POWjCD3-lAhfQA>
Subject: Re: [TLS] Remove 0-RTT client auth
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2016 00:02:26 -0000

+1 
 
On Sun, Feb 21, 2016 at 11:31 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
I'm sitting here in TRON listening to Karthik describe all the various
ways in which client authentication in 0-RTT is bad.  I'm particularly
sympathetic to the perpetual impersonation attack that arises when the
client's ephemeral key is compromised.

We originally thought that we might want to do this for
WebRTC/real-time.  As it so happens, we have an alternative design
that doesn't need this, so...

I propose that we remove client authentication from 0-RTT.

This should simplify the protocol considerably.

https://github.com/tlswg/tls13-spec/issues/420

[1] Compromising the server's long term key has the same impact, but
that's interesting for other, worse reasons.

v2.23.0 | Report a Bug | By Email