Re: [TLS] Connection ID Draft
Eric Rescorla <ekr@rtfm.com> Sun, 22 October 2017 16:05 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64C11139B14 for <tls@ietfa.amsl.com>; Sun, 22 Oct 2017 09:05:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OiTIyoSLCiLl for <tls@ietfa.amsl.com>; Sun, 22 Oct 2017 09:05:35 -0700 (PDT)
Received: from mail-yw0-x244.google.com (mail-yw0-x244.google.com [IPv6:2607:f8b0:4002:c05::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12CC4139B0B for <tls@ietf.org>; Sun, 22 Oct 2017 09:05:35 -0700 (PDT)
Received: by mail-yw0-x244.google.com with SMTP id t11so10121846ywg.12 for <tls@ietf.org>; Sun, 22 Oct 2017 09:05:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=H7xnu2xwL5fkpwNCogvQPkxmBu2Pzk+zd2R3QRKVmZM=; b=rm0b8eqFMsqPwzs4IO3C1VeXVbvvVQfyNZa9EYNbC5YFhQ7bJL1Z24rw95ke6i3e1y mtoPcI/gRLarnrfjrZp3g/LbGCpYaiYdiVa/lCJT/HHJxQoqFQEyDW4732794EJ0GZlv B4ADGHPTMuVShU43ML2kbvT4aJ6Q5cV0qZu40EoPdPf8Esfbq/kMPJnEE7bfvCHSKtXc MbTHEAFw4y5/TybOKZaLu5ODqxpFfp4QEfTrkfcNKOFBJGeZifFFt4pnIjxrJK/xuKim W+6N76Q8rUFU4ThWke1CSv0TKdW5lUVazJ/IY/NZd9EprbnqlsDU3/e8MwoxZ7UiPbs6 63Pg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=H7xnu2xwL5fkpwNCogvQPkxmBu2Pzk+zd2R3QRKVmZM=; b=uITUOTYWjeuz6WGTDCSwNzTGP8PSHTl5BETx99fg+Z+yKwqP2JMEOkrZt5MJF/n6Iy pwPBvBH9n/imNeOcbxlbYsCC7U1k3Z465UYxrhEAJ0QNbx0QgtLv3ZHLhmMi1q8Benqk Dh/t4YPrPLWkF+3TTh55WfchFgGCiQ52Bilq0a1tzGONcr19Crxh20qKAcYxuqnEF5lR iicSPr5gcml5UREhrazkp9WQGW8TY6chkXSFR+lnjCem6MI7XjyBByaekAqs1JzBX6M5 kl33cF9ShetGKqkJMCrYGAKoEEp0NoFkBAn1fMhy19/N90BVCi88E1Euf2bVftJTsUK7 0KrA==
X-Gm-Message-State: AMCzsaX3TFWFvZAtXlvs/PwluAd69IbNYl4R9fLASvoaCDzfU+t8RnZz vHUM/ZX3O8aZUMfWsstHvAmBmrvOBvdu3m20/Dh/Ra2X
X-Google-Smtp-Source: ABhQp+T2a2ffcXs1X34xyzfutBapXYAaShmwXU9hl8+THxuY7R8bOCFbOiTBPFfLL83bCra9B8BuWLeKosupfjZcktE=
X-Received: by 10.37.45.83 with SMTP id s19mr6682787ybe.400.1508688334302; Sun, 22 Oct 2017 09:05:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.194 with HTTP; Sun, 22 Oct 2017 09:04:53 -0700 (PDT)
In-Reply-To: <d5849014-8bea-2ad0-0f2d-b477e269d80a@cs.tcd.ie>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com> <574d133f-0531-2206-c7d3-825ebaffacdd@cs.tcd.ie> <CABcZeBM_xUadFDnAK-FLGjqciDOLGoePv8xhSFkmBYS5nooXxQ@mail.gmail.com> <765bb5b0-2129-9ea8-2c51-b6b4163748e8@cs.tcd.ie> <CABcZeBNbt-ZB=8jsp=pKkDfS9qKOogfmjeAieN6KC9KBNkWnrg@mail.gmail.com> <016ec9b6-d59e-531a-0930-9f355edb34be@cs.tcd.ie> <CABcZeBP_a_tLkMz87CBNzsv7LCpPCHYMTk2asN8hHHtgN1ZRFQ@mail.gmail.com> <f8e1f136-014c-6471-c5f2-bff31cc54723@cs.tcd.ie> <CABcZeBOKydO+g-73eB-pqGXKgiD9XYjP3JTQGjy1GwphWenPFg@mail.gmail.com> <d5849014-8bea-2ad0-0f2d-b477e269d80a@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 22 Oct 2017 09:04:53 -0700
Message-ID: <CABcZeBO2v=v91tn06dinOH_EuEVD1haM8ggoQ+RNtgy4aR+v5w@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="f4030435b0103e47de055c24e03c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PQ8Ad4Q4QDgtxf-0uXy8NA7saho>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Oct 2017 16:05:36 -0000
On Sun, Oct 22, 2017 at 8:50 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 22/10/17 16:41, Eric Rescorla wrote: > > > >> Maybe the thing we could agree at this stage is that the cid scheme > >> has to be usable in that one-message-per-day scenario and needs to > >> provide some way that such messages aren't easily linkable based on > >> cids. > > > > I think that's a requirement in some cases but not others. It might be > > best to settle for the others. > > Sorry, I'm not sure what you mean there. Are you saying that you think > the above requirement can't be met by a generally usable scheme? > > I agree that not all scenarios need to meet the req posited above. > > I'd worry that if DTLS1.3 can't meet the above requirement then folks > will invent something that does, which may be worse than using DTLS > in a bunch of cases. OTOH, one could equally, and maybe fairly, argue > that DTLS really doesn't scale down quite that far, which'd I guess > argue that there's a need for some other security protocol for those > situations. > It's not a matter of DTLS versus non-DTLS. I am unaware of any method of providing conn-IDs that simultaneously meets the requirements of: - Unlinkability - Being able to survive multiple conn-ID changes in one round-trip (which is implicit in both the one-packet per day and the unknown address changes scenarios) - Low bandwidth - Good receiver-side scaling (both state and computational) This is a generic problem, not one limited to DTLS. And as I said earlier, to the extent to which we either need specific schemes that meet different subsets of these requirements or we come up with a better generic scheme, the extension-based approach accommodates it. PS: I fully accept your point that purely napkin-based schemes aren't > good enough and if those're the only kind of hash-chain based proposals > seen, then the WG oughtn't go for one of those. > We've seen others, and they fail the receiver-side scaling test, IMO -Ekr
- [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Nikos Mavrogiannopoulos
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Hannes Tschofenig
- Re: [TLS] Connection ID Draft Eric Rescorla
- [TLS] 答复: Connection ID Draft yinxinxing
- [TLS] 答复: Connection ID Draft yinxinxing
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- [TLS] 答复: Connection ID Draft yinxinxing
- Re: [TLS] 答复: Connection ID Draft Eric Rescorla
- [TLS] 答复: 答复: Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Benjamin Kaduk
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Christian Huitema
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Nikos Mavrogiannopoulos
- Re: [TLS] Connection ID Draft Simon Bernard
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Stephen Farrell
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft Benjamin Kaduk
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Eric Rescorla
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft yinxinxing
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Martin Thomson
- Re: [TLS] Connection ID Draft Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] Connection ID Draft Matt Caswell
- Re: [TLS] Connection ID Draft Simon Bernard