Re: [TLS] Call for adoption: draft-bhargavan-tls-session-hash

Michael StJohns <msj@nthpermutation.com> Mon, 21 July 2014 21:52 UTC

To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Jv6K4AifrTNFjqyPREP32dCpq64
Cc: "tls@ietf.org" <tls@ietf.org>

On 7/21/2014 3:55 PM, Martin Thomson wrote:
> On 21 July 2014 10:34, Michael StJohns <msj@nthpermutation.com> wrote:
>> How does this work with 1rtt?
> There is an open question here, because the 1RTT handshake doesn't
> allow for the master secret to cover the certificate.  The way that
> the solution is formulated here (cover the server identity) isn't
> compatible with an encrypted certificate.  We probably need some
> analysis here, but the idea that was floated was that covering the
> (EC)DH shares could be sufficient.
>
> I think that's a separable concern and we should consider this draft
> to be <= 1.2 only.  We can choose to use this solution, if it is
> appropriate and can be adapted for 1.3.  However, as I understand it,
> the current 1.3 structure doesn't allow this exact form for the fix.
>
>

Ok - that makes a bit more sense.  I've been overloading the queries by
Sean/Joe for adoption as being solely for TLS1.3.

I don't have any great objections to adoption as a WG item as a 1.2 and
before extension.  I think it's got a good bit of work necessary before 
submission as an RFC though.

Mike