Re: [TLS] HelloRetryRequest question (was Re: TLS 1.3 Problem?)
Michael D'Errico <mike-list@pobox.com> Wed, 30 September 2020 21:24 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42A653A0BB0 for <tls@ietfa.amsl.com>; Wed, 30 Sep 2020 14:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Level:
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=mike-list@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQ0iMvELVhjj for <tls@ietfa.amsl.com>; Wed, 30 Sep 2020 14:24:26 -0700 (PDT)
Received: from pb-smtp20.pobox.com (pb-smtp20.pobox.com [173.228.157.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC7903A0B8F for <tls@ietf.org>; Wed, 30 Sep 2020 14:24:26 -0700 (PDT)
Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id E71A01024BA for <tls@ietf.org>; Wed, 30 Sep 2020 17:24:25 -0400 (EDT) (envelope-from mike-list@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=rdaF3HAOgG8W 71Rd+vnFfCyEkZM=; b=gGjjkb00Vtr2EX/MN713L3WMnL+gt4L6WfbuoRoEH2+/ qNLRU4V7OD5QO1TCy8QqdEbEIdWKNwuRRRkpQgLZ3bpVXa2vz9Fda+xRhOQnDbHW szbmvxOk1xds8z+g1cQcchXygf51QwaX5T6ef+Uq6lJ9GYSMWAfjlTu4ie9C/I4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=ewDEh8 5mLDaRF05/e49jngmGch7CZsK1+PPYbrRw7poq0SQEgIk4ty8SEEPPbR7iVCSRqW 2wWS7K4JhBhgFzC3ZHRE1oF8kFUHruYhRvwl1fjy5azdrJ4M96B+3EE1vT34AKnl be1tWFuZj5Koyc4GRi6Jwrd5g7WqSGNhKhnm0=
Received: from pb-smtp20.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id E0D5C1024B9 for <tls@ietf.org>; Wed, 30 Sep 2020 17:24:25 -0400 (EDT) (envelope-from mike-list@pobox.com)
Received: from MacBookPro.local (unknown [72.227.128.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp20.pobox.com (Postfix) with ESMTPSA id 21A511024B8 for <tls@ietf.org>; Wed, 30 Sep 2020 17:24:23 -0400 (EDT) (envelope-from mike-list@pobox.com)
To: tls@ietf.org
References: <0c31f2d6-5f8e-2fd6-9a1a-08b7902dd135@pobox.com> <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com> <1c7e2f31-8a9e-4bd8-9e80-ab18ebeb609f@www.fastmail.com> <CACsn0cmbDz3ML8o5moAacqfXqYQo-Hqi53XQL6UoGYcZBwy-Mg@mail.gmail.com> <5af9219e-8a61-bd3f-caf9-39c169ae4539@pobox.com>
From: Michael D'Errico <mike-list@pobox.com>
Message-ID: <85beb428-f72e-090f-5f5f-7067b162e19c@pobox.com>
Date: Wed, 30 Sep 2020 17:24:21 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <5af9219e-8a61-bd3f-caf9-39c169ae4539@pobox.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
X-Pobox-Relay-ID: 4F533408-0363-11EB-BC37-F0EA2EB3C613-38729857!pb-smtp20.pobox.com
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/L8PYXE1MCyPVXFgFvsgDSGea7-A>
Subject: Re: [TLS] HelloRetryRequest question (was Re: TLS 1.3 Problem?)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 21:24:28 -0000
I wrote: > Also the server can't be actually stateless since > it needs to know the HelloRetryRequest message > for the transcript hash, right? How can you even implement stateless HRR with a pseudo-session-ticket in the "cookie"? The server needs to know the full HRR message to calculate the transcript hash, but this can't be part of the ticket since the ticket is included within the HRR, thus changing it.... Mike
- [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Ben Smyth
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Richard Barnes
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] HelloRetryRequest question (was Re: TLS… Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Hannes Tschofenig
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Watson Ladd
- Re: [TLS] TLS 1.3 Problem? Rob Sayre
- Re: [TLS] TLS 1.3 Problem? Martin Thomson
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- Re: [TLS] TLS 1.3 Problem? Ben Smyth
- Re: [TLS] TLS 1.3 Problem? mrex
- Re: [TLS] TLS 1.3 Problem? Martin Thomson
- Re: [TLS] TLS 1.3 Problem? Michael D'Errico
- [TLS] Is stateless HelloRetryRequest worthwhile? … Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Martin Thomson
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Nico Williams
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Hannes.Tschofenig
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Salz, Rich
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Benjamin Kaduk
- [TLS] HelloRetryRequest question (was Re: TLS 1.3… Michael D'Errico
- Re: [TLS] HelloRetryRequest question (was Re: TLS… Michael D'Errico
- Re: [TLS] HelloRetryRequest question (was Re: TLS… Benjamin Kaduk
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Rob Sayre
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Salz, Rich
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Nick Harper
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- [TLS] Client attacks on stateless HRR? (was Re: I… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Nick Lamb
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Michael D'Errico
- Re: [TLS] Is stateless HelloRetryRequest worthwhi… Luke Curley