Re: [TLS] Draft status and updates
Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 01 December 2015 18:57 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F24401B2C47 for <tls@ietfa.amsl.com>; Tue, 1 Dec 2015 10:57:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zviBgMcL6dLC for <tls@ietfa.amsl.com>; Tue, 1 Dec 2015 10:57:37 -0800 (PST)
Received: from filtteri6.pp.htv.fi (filtteri6.pp.htv.fi [213.243.153.189]) by ietfa.amsl.com (Postfix) with ESMTP id 2D6641B2F17 for <tls@ietf.org>; Tue, 1 Dec 2015 10:57:36 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by filtteri6.pp.htv.fi (Postfix) with ESMTP id E2DB256F881; Tue, 1 Dec 2015 20:57:35 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from smtp5.welho.com ([213.243.153.39]) by localhost (filtteri6.pp.htv.fi [213.243.153.189]) (amavisd-new, port 10024) with ESMTP id xiuoP+yyUB3u; Tue, 1 Dec 2015 20:57:35 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-35-116.bb.dnainternet.fi [87.92.35.116]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp5.welho.com (Postfix) with ESMTPSA id 9DAD15BC00A; Tue, 1 Dec 2015 20:57:35 +0200 (EET)
Date: Tue, 01 Dec 2015 20:57:34 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <20151201185733.GB15222@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABcZeBNxxC=uOg3bKtJP2bpMa9Z7En_RR2q3zn-qduse+Oh8-g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABcZeBNxxC=uOg3bKtJP2bpMa9Z7En_RR2q3zn-qduse+Oh8-g@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: ilariliusvaara@welho.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/R7K_VsH63CBm1MJKI1EQOMiZ4Ek>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Draft status and updates
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2015 18:57:40 -0000
On Tue, Dec 01, 2015 at 10:11:17AM -0800, Eric Rescorla wrote: > > This clears out the big pipeline stall from PR#316, but probably has > created some bustage. Expect a series of cleanup commits and some > other things that were head-of-line blocked this week and then > draft-11 in the next week or so. Please file PRs and/or github > issues for any issues you see. Looks like the note about the PSK+ClientCert "attack" got lost somewhere. While I don't think that is important as the underlying issue is fixed, I think there might be a note about dangers of using server certificates in any mode where transcript and configuration do not jointly imply SS. Actually, scanning the editor's copy, it looks VERY broken to me: I don't see how server certificate verify (indirectly) signs on the old configuration. Such signing is required for security, as otherwise SS is not impiled by signature, breaking authentication. Previously, the document was clear about this... > In addition, PR#354 (https://github.com/tlswg/tls13-spec/pull/354) > implements the rekey mechanism that we discussed in Yokohama. There > was broad agreement to adopt something like this. I would appreciate > it if a few people could give it a sanity check, but absent strong > objections, I intend to merge this PR on Friday. The restrictions on when the rekey message can be sent: Do those essentially boil down to "any time after sending Finished"? Also, I think the requirement to immediately send the KeyUpdate is problematic. I think it should be requirement to send it as next record(s). The two aren't the same: The first seemingly requires scheduling extra flights, which can be problematic. The second can piggyback on existing flights. -Ilari
- [TLS] Draft status and updates Eric Rescorla
- Re: [TLS] Draft status and updates Ilari Liusvaara
- Re: [TLS] Draft status and updates Eric Rescorla
- Re: [TLS] Draft status and updates Eric Rescorla
- Re: [TLS] Draft status and updates Eric Rescorla
- Re: [TLS] Draft status and updates Ilari Liusvaara
- Re: [TLS] Draft status and updates Ilari Liusvaara
- Re: [TLS] Draft status and updates Eric Rescorla