Re: [TLS] Earlier exporters

Nick Harper <nharper@google.com> Fri, 07 October 2016 21:37 UTC

Return-Path: <nharper@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38646129417 for <tls@ietfa.amsl.com>; Fri, 7 Oct 2016 14:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.696
X-Spam-Level:
X-Spam-Status: No, score=-5.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hMPbQEVz6B1g for <tls@ietfa.amsl.com>; Fri, 7 Oct 2016 14:37:46 -0700 (PDT)
Received: from mail-yw0-x22e.google.com (mail-yw0-x22e.google.com [IPv6:2607:f8b0:4002:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BED71293EB for <tls@ietf.org>; Fri, 7 Oct 2016 14:37:46 -0700 (PDT)
Received: by mail-yw0-x22e.google.com with SMTP id t192so19970463ywf.0 for <tls@ietf.org>; Fri, 07 Oct 2016 14:37:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=tPdo7CVC85dx0E7sLp5E9hgrgt+G0FLEM5JJ4ZqyPrI=; b=AN/2L1LlTgEzkjCZqPIyLIDQ+BeBT7emHhaJhVYf19DNuRGT8jw3w7LC60rGEYBsQb NeKdcb5NVxRbpaRKj7emMBaSWwI381ohKIFin7SnjpCPXJPNcLxUmGd4BJuxV/elyKJ6 KwAkV4L3XG+6GtQK77koYMhzA4KTkwjGZGQl6reXuqa04oyXfH83WZn1GSGyr/4L+7p6 pdgJtrSP/2FK5OBufIT0XZbWYufCV8pP89QKBiMhzyBhpm17kTLxQPYQ3aTVnXOKDx8F TG3diBfTs7UBYqNCcUGi5dNCt+wRR8J3OHM04CyaCw6p4SrGSQk/ttatVscXfTu8QCxO F+Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=tPdo7CVC85dx0E7sLp5E9hgrgt+G0FLEM5JJ4ZqyPrI=; b=XFCQ7EAEUYQt0t1jWHwubXv2sRw8ldPZD1BJLsYyPOcAGaKgpaFchNi1bJuZmfr2mf xOiq4MUgnzV580e/ZUuPrIup8OzNBt1aMbkzBOZUfGIyocSnYQF1/mQr1uuzAaXW+hAl MfIwz8KN3wAx6k5p2mneygX4DtiE3XsCICFRH/yruiuwYZJvbF+dk7LmKMeDqFJZ0nKc M9jKkutRvL40x9y6X7+xUIMW53M0VBGDMZsx9wKoAWOjyBII1k5pTCgj3Ro7rQkXf4oY 8ZwoDNtZ2EnHbPIuML+Zbb1Kt1PXOz0EtTnMe0qevdNlHuN8d5sLCf6PGmPGQg/5ZhHQ vRZQ==
X-Gm-Message-State: AA6/9RlJiRo2eMiPx9cBn+JCkKQNyepZLDCECS8y+liwPHwoy9a3Mariyi+GPweMUixCQiw/trpHKgYxD2z2TXU0
X-Received: by 10.129.53.206 with SMTP id c197mr16784625ywa.205.1475876265241; Fri, 07 Oct 2016 14:37:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.253.7 with HTTP; Fri, 7 Oct 2016 14:37:24 -0700 (PDT)
In-Reply-To: <CABcZeBNy2RJadGNQmpnhg3ajf4H1Zmmjya72K6fwC3CHur79uA@mail.gmail.com>
References: <CABcZeBOBmeEW+Ty5W68giBg5MZC11QR9oxMP00CD5zStb2=0fg@mail.gmail.com> <CACdeXiJUxwd-on3EULsf90aqRqrb3v+=jUGgVReBy6efMjyvdQ@mail.gmail.com> <CABcZeBNy2RJadGNQmpnhg3ajf4H1Zmmjya72K6fwC3CHur79uA@mail.gmail.com>
From: Nick Harper <nharper@google.com>
Date: Fri, 7 Oct 2016 14:37:24 -0700
Message-ID: <CACdeXi+nVHEGADVDhOyNAQuYwxRWWnBMErFXSDXBfuPEPHr9qQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary=001a11421a268627ab053e4d38d9
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KqBCWWFJBaBW0t3kVS3TSamv08k>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Earlier exporters
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2016 21:37:48 -0000

That's my assumption as well.

On Fri, Oct 7, 2016 at 2:07 PM, Eric Rescorla <ekr@rtfm.com>; wrote:

> I was assuming that there were two exporters:
>
> Export() --> the same API as in 1.2 and computed as described here
> Export0RTT -> A new API that computes the early_exporter.
>
>
> -Ekr
>
> On Fri, Oct 7, 2016 at 1:59 PM, Nick Harper <nharper@google.com>; wrote:
>
>> Does the wording of this PR mean that the value from the exporter changes
>> depending on whether it's run before or after exporter_secret can be
>> computed? I think it would be better to keep an RFC 5705-style exporter
>> that remains constant for the connection. The 0-RTT exporter from an API
>> perspective can be a separate thing that a caller has to explicitly choose
>> to use.
>>
>> On Fri, Oct 7, 2016 at 8:10 AM, Eric Rescorla <ekr@rtfm.com>; wrote:
>>
>>> Please see the following PR:
>>>   https://github.com/tlswg/tls13-spec/pull/673
>>>
>>> This includes various changes to make exporters/resumption work better.
>>>
>>> Basically:
>>> 1. Add a 0-RTT exporter and change the transcript for the regular
>>> exporter so it
>>>     only includes the transcript up to ServerFinished. This gives it
>>> parity with the
>>>     rest of the traffic keys. If we need an exporter with the full
>>> transcript we can
>>>     always add it later
>>>
>>> 2. Point out that you can predict ClientFinished for NST when not doing
>>>     Client auth. This lets you issue tickets on the server's first
>>> flight, while still
>>>     ensuring that if you do client auth you still bind resumption to the
>>> client's
>>>     full transcript.
>>>
>>> These are pretty straightforward changes, so absent objections I'll merge
>>> them early next week.
>>>
>>> -Ekr
>>>
>>>
>>> _______________________________________________
>>> TLS mailing list
>>> TLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/tls
>>>
>>>
>>
>