Re: [TLS] DTLS 1.3
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 05 July 2016 08:59 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17B5912D0BA for <tls@ietfa.amsl.com>; Tue, 5 Jul 2016 01:59:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.521
X-Spam-Level:
X-Spam-Status: No, score=-2.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 95oO7H1cIbxA for <tls@ietfa.amsl.com>; Tue, 5 Jul 2016 01:59:12 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7BEF12D0AB for <tls@ietf.org>; Tue, 5 Jul 2016 01:59:11 -0700 (PDT)
Received: from [192.168.10.132] ([80.92.121.176]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0MBnSJ-1bBnDw3rE7-00Am8b; Tue, 05 Jul 2016 10:59:08 +0200
To: Eric Rescorla <ekr@rtfm.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
References: <577A38A2.2090209@gmx.net> <20160704140312.GC4287@LK-Perkele-V2.elisa-laajakaista.fi> <577ABCE2.9050409@gmx.net> <20160704204603.GA4837@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBMYQ=SWfEwFVjpmO3Pzh78VTrdqXKF26TDnSA-nR-k=rQ@mail.gmail.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Enigmail-Draft-Status: N1110
Message-ID: <577B76DE.9080003@gmx.net>
Date: Tue, 05 Jul 2016 10:59:10 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBMYQ=SWfEwFVjpmO3Pzh78VTrdqXKF26TDnSA-nR-k=rQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="m1hDxRWCLWJkvKunBpto3LdG1CoL6XMwT"
X-Provags-ID: V03:K0:N4W142P1m2IJAK8oQU+lpnfEYBtsA/80c1mFz+ynyMFi0dYCBx1 jxE+YxtjwnVOn1IEm/qZBZDYZ7aapy22ozkJJbC7tRkXeZ82uSuPp4I7LCwuGi7TkWaqrPU z19LUjEfJIuvLD0k03xv0dtJwwaaJbMGImbw9t/+N/5zLYy9U/7mWPodSSqujyJgi9qGgtz hVSN9J8afqxpvkhvJ+y+g==
X-UI-Out-Filterresults: notjunk:1;V01:K0:8hJxGr1ccC0=:6FpQuvSO9KCOYVobD/JkQi 3Gp7zyHVuTGOEmZ6EFN0L3zm+SvKeAcqY5TUoiIxBgQ2FbIryb3oFeUZ0VfyDRfC21jo4CZBW JlaJ1v9emOcwBlH9LssXNvm8jrNmCQJqhumTwOCx4jtyROLFXmXbPxbQt3sah00FkZ4vMVlop EynkTOF4e5PtsnwJp2ZUiFWwIgf0wgBaGwlgKK5Xz9uUbcw2ij9W1PYTRaCO9BP2IBSTw+kYT nHqv6o0VXzCCpFlAYwtnta7wHYlSI2MOV/lL1xIKUOsTUz++mShWZ11px9d6ogTgb1lhu9BTf 0JWAVkp7aXEisGwG5qiTGgJJ1n/OTrFFXpmDpIY+4uB8fcHVdYzgjseqy1XLZ/91pyPqLlLrR zrT0eYDtrOP9MKo2RPHIgdIdShQTPBLiRl0n1AvafRtTkqkR2X5PHSAEyKEGQ4U5Mo0c+iwbE +oC5jEKug+l3w/JSn4HH+Ll3O0dvO0ZvADrB0Dxma3LQ9KDTMBUUTlxGnsvMB6uN21RQxg7s0 7rTqczXqG0YKt882b/jBtgmk38iB+LQ6y0+Xuj4Wm88s04eMaTp4rkWnn2PYhBlA6j01xM5CB zG5jqUdhm/Ov8ZgbkX1xQKqwzNGdLDs1p64ePdZieARqAzX2/d0qvmsZpUDdYXJAQlBbAfi3y mK8oCZixErVh3DxYYG2QnJdi2tP1p7p+yPCW+18tuc3WH+KLAN/vW6AUbxHuTmRxu1fK4y0tX YwTjRrYl7rcu8JYwEbI7+ygOdmk2B2iOR5t2CuFhLUcE5vj/Vabrf8+BSQE=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MnB9DWKe6_b6NoclqRexE3YY-Qs>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] DTLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 08:59:14 -0000
Hi Ekr, ~snip~ > I think the obvious way is: > > - Cookies from HelloVerifyRequest go to legacy cookie field. > - Cookies from HelloRetryRequest go to extension cookie field. > > If you don't do the first, you can't downnegotiate successfully. And > if you don't do the second, you would have to have special case with > cookie sizes (since HRR can transmit >255 byte cookie, which would be > too big for legacy cookie). > > > IMO we should just forbid HVR for DTLS 1.3. I.e., you should just send > HRR. That makes sense to me. Btw, Section 11 "IANA Considerations" says that the Cookie extension is encrypted in the HelloRetryRequest message. I wonder whether this is a mistake particularly in the combination where the server returns the cookie as part of the incorrect key share (and therefore does not yet have a key to create the EncryptedExtension). The table should also say that the cookie is also contained in the ClientHello (in clear, unless it is a 0-RTT handshake). > > > > > - The handshake retransmit scheme doesn't seem to work that > > > well with post-handshake auth, and even less well with > > > session tickets. > > Why do you think so? Of course, unreliable transports creates > > inconvenience; is it that what you are referring to? > > DTLS assumes handshake messages are reliable, and that reliability is > implemented via handshake messages ACKing one another. > > - Session tickets have no ACK at all. > > > DTLS 1.3 should add an ACK, IMO. Sounds reasonable. > > > > - CertificateRequest can have very slow ACK. > - KeyUpdate has no real ACK (and isn't idempotent either). > > > Yes, I think we should remove KeyUpdate for DTLS 1.3 and just use epoch > instead. Ok. Ciao Hannes > > -Ekr > > > > > -Ilari > > _______________________________________________ > TLS mailing list > TLS@ietf.org <mailto:TLS@ietf.org> > https://www.ietf.org/mailman/listinfo/tls > > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Fossati, Thomas (Nokia - GB)
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Fossati, Thomas (Nokia - GB)
- Re: [TLS] DTLS 1.3 Fossati, Thomas (Nokia - GB)
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Fossati, Thomas (Nokia - GB)
- Re: [TLS] DTLS 1.3 Stephen Farrell
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Stephen Farrell
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Stephen Farrell
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Stephen Farrell
- Re: [TLS] DTLS 1.3 Eric Rescorla
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Ilari Liusvaara
- Re: [TLS] DTLS 1.3 Eric Rescorla
- [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Hannes Tschofenig
- Re: [TLS] DTLS 1.3 Mike Copley
- Re: [TLS] DTLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] DTLS 1.3 Fossati, Thomas (Nokia - GB)