Re: [TLS] HelloRetryRequest question (was Re: TLS 1.3 Problem?)

Michael D'Errico <mike-list@pobox.com> Wed, 30 September 2020 21:24 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42A653A0BB0 for <tls@ietfa.amsl.com>; Wed, 30 Sep 2020 14:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Level:
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=mike-list@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQ0iMvELVhjj for <tls@ietfa.amsl.com>; Wed, 30 Sep 2020 14:24:26 -0700 (PDT)
Received: from pb-smtp20.pobox.com (pb-smtp20.pobox.com [173.228.157.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC7903A0B8F for <tls@ietf.org>; Wed, 30 Sep 2020 14:24:26 -0700 (PDT)
Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id E71A01024BA for <tls@ietf.org>; Wed, 30 Sep 2020 17:24:25 -0400 (EDT) (envelope-from mike-list@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=rdaF3HAOgG8W 71Rd+vnFfCyEkZM=; b=gGjjkb00Vtr2EX/MN713L3WMnL+gt4L6WfbuoRoEH2+/ qNLRU4V7OD5QO1TCy8QqdEbEIdWKNwuRRRkpQgLZ3bpVXa2vz9Fda+xRhOQnDbHW szbmvxOk1xds8z+g1cQcchXygf51QwaX5T6ef+Uq6lJ9GYSMWAfjlTu4ie9C/I4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=ewDEh8 5mLDaRF05/e49jngmGch7CZsK1+PPYbrRw7poq0SQEgIk4ty8SEEPPbR7iVCSRqW 2wWS7K4JhBhgFzC3ZHRE1oF8kFUHruYhRvwl1fjy5azdrJ4M96B+3EE1vT34AKnl be1tWFuZj5Koyc4GRi6Jwrd5g7WqSGNhKhnm0=
Received: from pb-smtp20.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id E0D5C1024B9 for <tls@ietf.org>; Wed, 30 Sep 2020 17:24:25 -0400 (EDT) (envelope-from mike-list@pobox.com)
Received: from MacBookPro.local (unknown [72.227.128.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp20.pobox.com (Postfix) with ESMTPSA id 21A511024B8 for <tls@ietf.org>; Wed, 30 Sep 2020 17:24:23 -0400 (EDT) (envelope-from mike-list@pobox.com)
To: tls@ietf.org
References: <0c31f2d6-5f8e-2fd6-9a1a-08b7902dd135@pobox.com> <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com> <1c7e2f31-8a9e-4bd8-9e80-ab18ebeb609f@www.fastmail.com> <CACsn0cmbDz3ML8o5moAacqfXqYQo-Hqi53XQL6UoGYcZBwy-Mg@mail.gmail.com> <5af9219e-8a61-bd3f-caf9-39c169ae4539@pobox.com>
From: Michael D'Errico <mike-list@pobox.com>
Message-ID: <85beb428-f72e-090f-5f5f-7067b162e19c@pobox.com>
Date: Wed, 30 Sep 2020 17:24:21 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <5af9219e-8a61-bd3f-caf9-39c169ae4539@pobox.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
X-Pobox-Relay-ID: 4F533408-0363-11EB-BC37-F0EA2EB3C613-38729857!pb-smtp20.pobox.com
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/L8PYXE1MCyPVXFgFvsgDSGea7-A>
Subject: Re: [TLS] HelloRetryRequest question (was Re: TLS 1.3 Problem?)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 21:24:28 -0000

I wrote:

 > Also the server can't be actually stateless since
 > it needs to know the HelloRetryRequest message
 > for the transcript hash, right?

How can you even implement stateless HRR with a
pseudo-session-ticket in the "cookie"?  The server
needs to know the full HRR message to calculate the
transcript hash, but this can't be part of the ticket
since the ticket is included within the HRR, thus
changing it....

Mike