Re: [TLS] Premaster/Master convention
"Gero, Charlie" <cgero@akamai.com> Fri, 01 August 2014 01:46 UTC
Return-Path: <cgero@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CF871A0318 for <tls@ietfa.amsl.com>; Thu, 31 Jul 2014 18:46:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AVvsP5a0XTjF for <tls@ietfa.amsl.com>; Thu, 31 Jul 2014 18:46:26 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id 4C09C1A02FC for <tls@ietf.org>; Thu, 31 Jul 2014 18:46:25 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id DE6D61657B7; Fri, 1 Aug 2014 01:46:24 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id D3C1E1657B5; Fri, 1 Aug 2014 01:46:24 +0000 (GMT)
Received: from usma1ex-cashub.kendall.corp.akamai.com (usma1ex-cashub6.kendall.corp.akamai.com [172.27.105.22]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id B01771E051; Fri, 1 Aug 2014 01:46:24 +0000 (GMT)
Received: from USMBX1.msg.corp.akamai.com ([172.27.107.26]) by USMA1EX-CASHUB6.kendall.corp.akamai.com ([172.27.105.22]) with mapi; Thu, 31 Jul 2014 21:46:23 -0400
From: "Gero, Charlie" <cgero@akamai.com>
To: Michael StJohns <msj@nthpermutation.com>
Date: Thu, 31 Jul 2014 21:46:25 -0400
Thread-Topic: [TLS] Premaster/Master convention
Thread-Index: Ac+tKmaLKOUYao3pQRaS/XVKE9b3Wg==
Message-ID: <C1079511-D7A5-45D0-A552-529FB9D306D5@akamai.com>
References: <53D907B0.3000006@nthpermutation.com> <D40A7DE25C5AA54195F82EA553F2446033900BFC0A@USMBX1.msg.corp.akamai.com> <53D91332.9070103@nthpermutation.com> <D40A7DE25C5AA54195F82EA553F2446033900BFC15@USMBX1.msg.corp.akamai.com> <53D95C7D.9060408@nthpermutation.com> <6ECEF2D7-A1AE-4AC4-90C5-62A38075B0BF@akamai.com> <BD068080-2854-4EBA-A96E-1030CB7C1CFF@akamai.com> <53DA7E2A.50905@nthpermutation.com>
In-Reply-To: <53DA7E2A.50905@nthpermutation.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C1079511D7A545D0A552529FB9D306D5akamaicom_"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OeRJF5G6C7VW9zIN91ptv1B_RMU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Premaster/Master convention
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2014 01:46:28 -0000
Sorry for the lack of clarity. What I mean is, I think Akamai will be able to keep our current system working even with PMS to MS removed given: 1. Removal of the PMS to MS step is done in 1.3 and forward only (this seems obvious, but in the argument of explicitness...) AND 2. TLS 1.3 removes static RSA key exchange. AND 3. TLS 1.3 removes renegotiation. If any of those constraints break, our current architecture will require significant change. Regards, Charlie Gero Senior Principal System Software Engineer Team Lead Engineering - Akamai Labs 617.444.3940 On Jul 31, 2014, at 1:34 PM, "Michael StJohns" <msj@nthpermutation.com<mailto:msj@nthpermutation.com>> wrote: On 7/30/2014 9:18 PM, Gero, Charlie wrote: Sorry for the second late response. Hectic day. Here's a follow up from the previous. No probs In addition, as long as TLS 1.3 keeps static RSA key exchange and renegotiation out as well as only removing PMS to MS in 1.3 and later, we should be ok. As someone adeptly inferred earlier, this is where things would get hairy for us if any of these constraints are violated. I couldn't parse this very well - too many missing commas. Did you mean?: "In addition, as long as TLS1.3 only removes static RSA key exchange and renegotiation we should be ok" - and - "If removing the pre-master secret only applies to TLS1.3 and later we should be ok" I thought removing the pre-master regardless of rev was the issue? Mike
- [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Gero, Charlie
- Re: [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Eric Rescorla
- Re: [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Eric Rescorla
- Re: [TLS] Premaster/Master convention Gero, Charlie
- Re: [TLS] Premaster/Master convention Juho Vähä-Herttua
- Re: [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Salz, Rich
- Re: [TLS] Premaster/Master convention Gero, Charlie
- Re: [TLS] Premaster/Master convention Gero, Charlie
- Re: [TLS] Premaster/Master convention Watson Ladd
- Re: [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Michael StJohns
- Re: [TLS] Premaster/Master convention Gero, Charlie
- Re: [TLS] Premaster/Master convention StJohns, Michael