Re: [TLS] tls-unique

Eric Rescorla <ekr@rtfm.com> Thu, 08 October 2015 10:05 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B5C31ACD76 for <tls@ietfa.amsl.com>; Thu, 8 Oct 2015 03:05:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wq_3kVDWZEKW for <tls@ietfa.amsl.com>; Thu, 8 Oct 2015 03:05:32 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75C6F1A9172 for <tls@ietf.org>; Thu, 8 Oct 2015 03:05:32 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so17607780wic.0 for <tls@ietf.org>; Thu, 08 Oct 2015 03:05:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=0+o+THzp/UFlMzuwZbDOaxM+NOv22hFKpFh2FovP+i8=; b=ECAGMXlgv+w5+IslJ6S2sPsW8y2hMQpG/Td04qGmx8q8UbSNRpij+aziaAHg9F+NGX 0ScjIhSWZcqW5XQh6XmD2ffy3GJZfxjYCpCaHj0P/Qgkw+JGIJKMPyck0uAE9HrGTpPq QKoUdDGpPFLfIR8ESbfK8yxlgy55NU9bF/poNdOxyBAP53fQBBCp31+JeNY5DRj1W16t fS3eW1JV2YklbF9EEhjuHOFfE7Y13Wzibu/8mjTh+hrczCwNeP6AZ4ySe6SiJPOiQVH7 0qFDHQdC5VQs2XpwPrAqbR+YQn++tgZk06ZxVI2FJ7L1kRoqqYW/YWbywOTMaQlUD+fB BGdg==
X-Gm-Message-State: ALoCoQndcjmDTv+HYVXYgjuZOBBP84yxt30cHZ7zJwfdSxerkipewaUqBriA/2XwmL+QAo0bBl29
X-Received: by 10.194.133.129 with SMTP id pc1mr6711595wjb.148.1444298730886; Thu, 08 Oct 2015 03:05:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.79.200 with HTTP; Thu, 8 Oct 2015 03:04:51 -0700 (PDT)
In-Reply-To: <87vbahu2r2.fsf@latte.josefsson.org>
References: <A1F63168-7736-452D-BC1B-23B665D81989@sn3rd.com> <87vbahu2r2.fsf@latte.josefsson.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 8 Oct 2015 12:04:51 +0200
Message-ID: <CABcZeBNuSCB8i--TqYouiPyrPu6ZSunNeK40JHaO+DdBEnUL+A@mail.gmail.com>
To: Simon Josefsson <simon@josefsson.org>
Content-Type: multipart/alternative; boundary=089e01227d94cdfd6305219500d5
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/QWSe0vzNO5Xx3iX7sYxosW--dVM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] tls-unique
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 10:05:34 -0000

On Thu, Oct 8, 2015 at 11:29 AM, Simon Josefsson <simon@josefsson.org>
wrote:

> The notes from the interim meeting mentions 'tls-unique' and points to
> issue #228 on github.  I want to get your attention on the draft below.
> Doesn't it do what you are looking for?  There is a little in the way of
> a problem statement in the TLS interim meeting notes, so it is hard to
> tell what the perceived problem with 'tls-unique' is in this context.
> Does my draft need to be updated for TLS 1.3 in any way?  It might serve
> as a starting point for future work.
>
> https://tools.ietf.org/html/draft-josefsson-sasl-tls-cb-03


Well, TLS 1.3 doesn't have a PRF, but instead explicitly uses HKDF.

With that said, I don't really understand the structure of your draft:
Instead of referencing the PRF and session_hash directly, why not instead
use RFC 5705 exporters and require the use of the session_hash extension?
Then TLS 1.3 can just define exporters for 1.3 and we'll be done.

-Ekr


> /Simon
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>