Re: [TLS] Consensus call for keys used in handshake and data messages

Yoav Nir <ynir.ietf@gmail.com> Tue, 14 June 2016 08:33 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CAOgPGoDRZdJN7DY10tDoEEidVkxeKabCcW_U3vQqaaH6x162gw@mail.gmail.com>
Date: Tue, 14 Jun 2016 11:33:11 +0300
Message-Id: <95ACB42E-A0FF-4E46-87E9-212DAF033F42@gmail.com>
References: <CAOgPGoDRZdJN7DY10tDoEEidVkxeKabCcW_U3vQqaaH6x162gw@mail.gmail.com>
To: Joseph Salowey <joe@salowey.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/R1GP9PmprXEe7ruN3nAZvjCwD5I>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Consensus call for keys used in handshake and data messages

> On 13 Jun 2016, at 10:00 PM, Joseph Salowey <joe@salowey.net> wrote:
> 
> For background please see [1].
> 
> Please respond to this message indicating which of the following options you prefer by Monday, June 20, 2016
> 
> 1. Use the same key for handshake and application traffic (as in the current draft-13)
> 
> or
> 
> 2. Restore a public content type and different keys
> 
> Thanks,
> 
> J&S

(1)

One important (for me) use case for handshake messages after the original handshake is client certificate authentication. Disclosing that the user has just touched the magic resource that causes certificate authentication reveals actual information about what the user is doing. I haven’t seen an argument about why using the same key is similarly harmful.

Yoav