Re: [TLS] Negotiating with known_configuration

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Tue, 21 July 2015 13:08 UTC

Date: Tue, 21 Jul 2015 16:08:50 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Eric Rescorla <ekr@rtfm.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/RLRGvvKiPyRn18hHcvzpl2gVylg>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Negotiating with known_configuration

On Tue, Jul 21, 2015 at 02:55:33PM +0200, Eric Rescorla wrote:
> On Tue, Jul 21, 2015 at 2:41 PM, Ilari Liusvaara <
> ilari.liusvaara@elisanet.fi> wrote:
> 
> > For 0-RTT/Early handshake data you want a cipher that the server
> > supports and accepts. If it is about this, there could be multiple
> > allowed ciphers.
> >
> 
> In principle this is true. However, there are two complications, ISTM:
> 
> 1. The client has no way of knowing which ciphers the server would support
> other than the one it negotiated with the client previously (assuming
> in-band)

Well, if it is about supported ciphers, there could be multiple, and
the proposal has a slot for only one.

> 2. I'm trying to avoid questions about the security of the negotiation for
> the 0-RTT data, and we already have negotiated parameters.

Can you give some examples of such questions?

> I haven't done any analysis of what happens if the server doesn't check
> that it would negotiate the parameters that the client provides. That might
> be fine, but I'm trying to be conservative.

I think it would either work fine (client picks something server supports/
accepts) or it would not work at all (client picks some unknown cipher).


-Ilari