[TLS] Re: Disallowing reuse of ephemeral keys

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 13 December 2024 12:20 UTC

Message-ID: <847e08ed-8d34-4ebb-b3d6-bcbe54976cb4@cs.tcd.ie>
Date: Fri, 13 Dec 2024 12:19:56 +0000
To: tls@ietf.org
References: <CAOgPGoCHnXZzzoAFT8GGmByr=7y1j5wM3ptPc4_JBF3FhtVNmQ@mail.gmail.com> <bf28dd19-0534-4403-8e20-50bcbbc0fcdd@app.fastmail.com> <CAL02cgQ9610CzMfcJEPcfpDRemyvAh3-AEH=GZbmV4QdWtQCXA@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <CAL02cgQ9610CzMfcJEPcfpDRemyvAh3-AEH=GZbmV4QdWtQCXA@mail.gmail.com>
Subject: [TLS] Re: Disallowing reuse of ephemeral keys
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LJQpKe9GZQQjbRFNMRmRFZmxK-0>

Hiya,

On 12/12/2024 17:59, Richard Barnes wrote:
> My preference order would be 3 > 1 >> 2.

I agree with the above for reasons already stated on the list.

Cheers,
S.