IETF Logo Mail Archive

Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections

Watson Ladd <watsonbladd@gmail.com> Fri, 05 March 2021 19:38 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 669E83A0A0B for <tls@ietfa.amsl.com>; Fri, 5 Mar 2021 11:38:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D4SrNUJUGlgy for <tls@ietfa.amsl.com>; Fri, 5 Mar 2021 11:37:59 -0800 (PST)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22E1A3A09F6 for <tls@ietf.org>; Fri, 5 Mar 2021 11:37:59 -0800 (PST)
Received: by mail-ed1-x52e.google.com with SMTP id v13so4189997edw.9 for <tls@ietf.org>; Fri, 05 Mar 2021 11:37:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=QyCALVfuLGV3Zp76tR0euM/eefN+S6QcQj7+MnRug44=; b=LbR33z9a2j+gktpdE7aW/DDYWw6sd+6S5/4L+fmPAhCYmf8qVnPKDm4GG3sP1icgwc vvr3ItUlf6oWwqSBT38h6az/kd8OhIkCCsB9emiRhzb/6HBsEnFEpu2iJV434DbRGXH1 lgVdvCkw0OMZAqhCSyZ8+QUPuSbJ5QP2EyH/bAwv+cE1NGqKEmShqWtyxCxmREef4Acq Z6mlKD/SMhVVPyHc80Ftyx3F/WMNOBJ1Z6CzkwouvReoa31EiGUMH2GvNF2HJ24RCHUi S3ER+LLwOpPTVzpUVfSrA2cJCC0f8EqgpW13dTWhwJpfBUkLkwva/tShNmuSaim4dWYu xtww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=QyCALVfuLGV3Zp76tR0euM/eefN+S6QcQj7+MnRug44=; b=tnU3ITs4iDuwkT5J8xBwHwRq5l3dt6fL2GfmIF607Eh3pb/viXEtXS2JxT1JWLcPds FkE7J6O6TAnkBavzyXyx2OaSkGIN/cqEBIEoOmHARU7Y5D8fMqsd8dELX9gPxR+2Oq7k mTDqr9o7Etpo3+hBsqN/ZsmKFfXZkvqEZyLADb5jdKkmFJPbmmPqnQaowiuSq1uK4y4H ps1GYcMtCDJhAxRLgeJpIr4zmu+ZNFepGg5tx6I+oSx/bSPfiI4mZPWU37jq0hs3l27U Om3rlEc17EgE8BdISx2y4A/5Ityz3p/HMlAFNaxUATid7AF5T2QVLCkQClEIdcH63Ojr uu5g==
X-Gm-Message-State: AOAM530LZPO9WLnQ+N2S/O+TOf3mvbkz56valRwYnarD/Mh/SZY/eavr zE0hLXhxmyFlRgH9oM20CkK/nHZkxFZ4z4Bd9l4=
X-Google-Smtp-Source: ABdhPJzY5U0XAswk2NlnPRHzDyQWYoCdlfOJV/HDwGLAcSo2wjsjy+KI3eo6DSdkRYsoHsweOHIMPMq40zNEDlo0raM=
X-Received: by 2002:a50:d7c7:: with SMTP id m7mr10465174edj.260.1614973077643; Fri, 05 Mar 2021 11:37:57 -0800 (PST)
MIME-Version: 1.0
References: <DE27E5E0-4AB9-4B53-92F6-1057015A8F6C@ericsson.com> <20210305173516.GV30153@localhost> <701E874C-EA40-47FD-A4E4-C4C595E96337@ericsson.com>
In-Reply-To: <701E874C-EA40-47FD-A4E4-C4C595E96337@ericsson.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 05 Mar 2021 11:37:46 -0800
Message-ID: <CACsn0cmmKdR0-82DjrYZD5_CaF2bqwHnj07dM+Bnd-2aupU5QQ@mail.gmail.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: Nico Williams <nico@cryptonector.com>, TLS List <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OXC-hAb1gRXiCK8RZrJvr0jZQlc>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Mar 2021 19:38:00 -0000

On Fri, Mar 5, 2021, 10:43 AM John Mattsson
<john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:
>
> >While renegotiation will never be re-added, there is post-handshake
> >authentication (RFC 8446, section 4.6.2), and while that is currently
> >about authenticating the _client_ to the server, it should be trivial to
> >extend the protocol to support re-authenticating the server to the
> >client as well.
>
> I think the current Post-Handshake authentication is not really suitable for long-term connections. It assures that the other party is still alive but it does not shut out any other third parties with access to application_traffic_secret_N. Such parties may have gotten the key with or without collaboration with one of the nodes.

The application traffic secret N+1 and the security of the
authentication is unaffected by compromise of key N AFAIK. I'm not
sure what property you want here that is stronger.
Sincerely,
Watson Ladd

v2.23.0 | Report a Bug | By Email