Re: [TLS] Requesting working group adoption of draft-stebila-tls-hybrid-design

Douglas Stebila <douglas@stebila.ca> Thu, 13 February 2020 11:48 UTC

Return-Path: <douglas@stebila.ca>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6CC71200F1 for <tls@ietfa.amsl.com>; Thu, 13 Feb 2020 03:48:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mZ8oKxc-YVmx for <tls@ietfa.amsl.com>; Thu, 13 Feb 2020 03:48:27 -0800 (PST)
Received: from mailout.easymail.ca (mailout.easymail.ca [64.68.200.34]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C16A120013 for <TLS@ietf.org>; Thu, 13 Feb 2020 03:48:27 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id D1A52C0755; Thu, 13 Feb 2020 11:48:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at emo04-pco.easydns.vpn
Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo04-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bcEI6h9iQJqb; Thu, 13 Feb 2020 11:48:26 +0000 (UTC)
Received: from laptop-picard.coleridge (CPE881fa12cf37b-CMa84e3fc93e50.cpe.net.cable.rogers.com [99.250.203.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 860A9C06E2; Thu, 13 Feb 2020 11:48:23 +0000 (UTC)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
From: Douglas Stebila <douglas@stebila.ca>
In-Reply-To: <CAChr6SyMxDvN5fnCNMpd3vmufQQkNvdrJJwxzNU3TdnbuwZMJA@mail.gmail.com>
Date: Thu, 13 Feb 2020 06:48:21 -0500
Cc: Shay Gueron <shay.gueron@gmail.com>, "<tls@ietf.org>" <TLS@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <64255C99-9C23-4F8E-A2F0-DA7B43572E2C@stebila.ca>
References: <CAFBh+SRAJAbviyrcQM2PjztumAH565i4-ui28OQ-pCJE9nePJg@mail.gmail.com> <CAChr6SyMxDvN5fnCNMpd3vmufQQkNvdrJJwxzNU3TdnbuwZMJA@mail.gmail.com>
To: Rob Sayre <sayrer@gmail.com>
X-Mailer: Apple Mail (2.3608.60.0.2.5)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ONttIjqZ7eiS5rkuWwhhuQLkDJM>
Subject: Re: [TLS] Requesting working group adoption of draft-stebila-tls-hybrid-design
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2020 11:48:29 -0000

On Feb 12, 2020, at 11:24 PM, Rob Sayre <sayrer@gmail.com>; wrote:
> 
> Would it be ok to add a rationale to the "Goals" section around backward compatibility? I'm not sure how the compatibility points will interact with downgrade attacks.

For now I don't think we're envisioning anything different on downgrade compared to current DH group negotiation.  For example, a client that prefers curve25519 but also is willing to use nistp256 should be able to talk to a server that only supports nistp256.  If the server also supports curve25519, an adversary who removes curve25519 from a hello message to try to trick them into 'downgrading' to nistp256 would eventually be caught by the handshake transcript authentication.  The same holds in this setting.

Douglas