IETF Logo Mail Archive

[TLS] Fwd: New Version Notification for draft-tiloca-tls-dos-handshake-00.txt

Marco Tiloca <marco.tiloca@ri.se> Sat, 08 July 2017 11:11 UTC

Return-Path: <marco.tiloca@ri.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E153129B50 for <tls@ietfa.amsl.com>; Sat, 8 Jul 2017 04:11:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Huv8qWzRYVzy for <tls@ietfa.amsl.com>; Sat, 8 Jul 2017 04:11:13 -0700 (PDT)
Received: from se-out1.mx-wecloud.net (se-out1.mx-wecloud.net [89.221.255.93]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA56C1270AC for <tls@ietf.org>; Sat, 8 Jul 2017 04:11:12 -0700 (PDT)
Received: from sp-mail-2.sp.se (unknown [194.218.146.197]) by se-out1.mx-wecloud.net (Postfix) with ESMTPS id 68CF9203A59 for <tls@ietf.org>; Sat, 8 Jul 2017 11:11:09 +0000 (UTC)
Received: from [192.168.0.65] (10.116.0.226) by sp-mail-2.sp.se (10.100.0.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.32; Sat, 8 Jul 2017 13:11:10 +0200
References: <149866084527.7677.16172483068993302160.idtracker@ietfa.amsl.com>
To: tls@ietf.org
From: Marco Tiloca <marco.tiloca@ri.se>
X-Forwarded-Message-Id: <149866084527.7677.16172483068993302160.idtracker@ietfa.amsl.com>
Message-ID: <ff1ba8ba-af2c-e079-6c07-4d97f4d80737@ri.se>
Date: Sat, 08 Jul 2017 13:10:56 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <149866084527.7677.16172483068993302160.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="igwMnNMNbNqpcFw0hIGgi55Wcuq6j2s8h"
X-Originating-IP: [10.116.0.226]
X-ClientProxiedBy: sp-mail-1.sp.se (10.100.0.161) To sp-mail-2.sp.se (10.100.0.162)
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.2 cv=aq3CMWRV c=1 sm=1 tr=0 a=L5DDne6A+dD0FbDkt2Fblw==:117 a=L5DDne6A+dD0FbDkt2Fblw==:17 a=sZ8rJzgPlrQA:10 a=G3gG6ho9WtcA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=48vgC7mUAAAA:8 a=uTM5gQLEAAAA:8 a=hirsTDsGu0qzsSCDrqwA:9 a=6zdyQuB4AaFM9xdL:21 a=ZR3JJYYAym9mUYpd:21 a=QEXdDO2ut3YA:10 a=_lrG7hgxGQ5wgcGW:21 a=X0zvtOVx-MSbVPgO:21 a=PuQgeVrl5JICoyxd:21 a=_W_S_7VecoQA:10 a=RTfph-VxEUFQ3jqlRvoA:9 a=ONNS8QRKHyMA:10 a=w1C3t2QeGrPiZgrLijVG:22 a=X0a8wEfk66sNBbu13Lvv:22
X-Virus-Scanned: clamav-milter 0.99.2 at MailSecurity
X-Virus-Status: Clean
X-MailSecurity-Status: 0
X-Scanned-By: WeCloud MailSecurity
X-MailSecurity-Score: 0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MCXXtu8DmYDfKrk0TTxw4F65qgQ>
Subject: [TLS] Fwd: New Version Notification for draft-tiloca-tls-dos-handshake-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Jul 2017 11:11:15 -0000

Dear all,

FYI, we have recently submitted a new draft proposing an extension for
(D)TLS 1.2/1.3.

The solution described in the draft addresses Denial of Service attacks
against the handshake protocol, allowing servers to promptly abort
invalid session set ups.

Feedback and comments are of course very welcome. Thanks a lot!

Best regards,
/Marco

-------- Forwarded Message --------
Subject: 	New Version Notification for
draft-tiloca-tls-dos-handshake-00.txt
Date: 	Wed, 28 Jun 2017 07:40:45 -0700
From: 	internet-drafts@ietf.org
To: 	Marco Tiloca <marco.tiloca@ri.se>, Ludwig Seitz
<ludwig.seitz@ri.se>, Maarten Hoeve <maarten.hoeve@encs.eu>



A new version of I-D, draft-tiloca-tls-dos-handshake-00.txt
has been successfully submitted by Marco Tiloca and posted to the
IETF repository.

Name:		draft-tiloca-tls-dos-handshake
Revision:	00
Title:		Extension for protecting (D)TLS handshakes against Denial of Service
Document date:	2017-06-28
Group:		Individual Submission
Pages:		12
URL:            https://www.ietf.org/internet-drafts/draft-tiloca-tls-dos-handshake-00.txt
Status:         https://datatracker.ietf.org/doc/draft-tiloca-tls-dos-handshake/
Htmlized:       https://tools.ietf.org/html/draft-tiloca-tls-dos-handshake-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-tiloca-tls-dos-handshake-00


Abstract:
   This document describes an extension for TLS and DTLS to protect the
   server from Denial of Service attacks against the handshake protocol.
   The extension includes a Message Authentication Code (MAC) over the
   ClientHello message, computed by the Client through key material
   obtained from a Trust Anchor entity.  The server registered at the
   Trust Anchor derives the same key material and checks the MAC to
   determine whether continuing or aborting the handshake.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

v2.23.0 | Report a Bug | By Email