Re: [TLS] Additional TLS 1.3 results from Chrome

Adam Langley <agl@imperialviolet.org> Tue, 19 December 2017 16:28 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "Salz, Rich" <rsalz@akamai.com>, Eric Rescorla <ekr@rtfm.com>, David Benjamin <davidben@chromium.org>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Q-QC2g_gDDFQ_0wwjzVUmliipr0>

On Tue, Dec 19, 2017 at 5:07 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> I'm not sure I agree renumbering is the right reaction,
> though I don't object to that. This could be a case where
> it's overall better that those specific devices suffer
> breakage, and hopefully then do get firmware updated to
> support TLS1.3 or TLS-without-extended-random-or-dual-ec
> at some point.
>

I think we would like to avoid deliberately breaking these devices with TLS
1.3. (I think TLS 1.3 has been subject to enough friction already.)

If key_share is renumbered, then presumably extension 40 would be reserved
by IANA. Thus other implementations could send extension 40 if they wish
not to interoperate with extended_random-supporting peers.


Cheers

AGL
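
The following is an added example, not part of the original message or of any implementation mentioned in the thread. It walks the extensions block of a hello message (2-byte total length, then type/length/data records) and reports whether code point 40, the number discussed above, is present. The sample blocks and the other extension types in them are constructed for illustration.

```python
import struct

CONTESTED = 40  # code point discussed in the thread (key_share vs. extended_random)


def parse_extensions(block):
    """Return [(type, data), ...] from a TLS extensions block, with bounds checks."""
    if len(block) < 2:
        raise ValueError("truncated extensions block")
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("extensions length does not match buffer")
    out, pos = [], 2
    while pos < len(block):
        if len(block) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if ext_len > len(block) - pos:
            raise ValueError("extension data overruns block")
        out.append((ext_type, block[pos:pos + ext_len]))
        pos += ext_len
    return out


def sends_extension_40(block):
    """True if the peer sent the contested code point at all."""
    return any(t == CONTESTED for t, _ in parse_extensions(block))


def build_block(exts):
    """Helper for the constructed samples: serialize (type, data) pairs."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


# Constructed samples: payload bytes are placeholders, not real key shares.
SAMPLE_WITH_40 = build_block([(0, b"\x00" * 5), (40, b"\xaa" * 4), (43, b"\x02\x03\x04")])
SAMPLE_WITHOUT_40 = build_block([(0, b""), (43, b"\x02\x03\x04")])

if __name__ == "__main__":
    for name, blk in (("with 40", SAMPLE_WITH_40), ("without 40", SAMPLE_WITHOUT_40)):
        print(name, [t for t, _ in parse_extensions(blk)], sends_extension_40(blk))
```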