Re: [TLS] Call for adoption: draft-bhargavan-tls-session-hash

Andrei Popov <> Mon, 21 July 2014 21:43 UTC

From: Andrei Popov <>
To: Martin Thomson <>, Michael StJohns <>
Thread-Topic: [TLS] Call for adoption: draft-bhargavan-tls-session-hash
Date: Mon, 21 Jul 2014 21:43:10 +0000

I agree with Martin on this, and also think more generally that TLS 1.3 should not rely on extensions to fix known problems such as triple handshake. Since the issue is known at the time of TLS 1.3 design, IMHO the fix should be an integral part of TLS 1.3.

-----Original Message-----
From: TLS [] On Behalf Of Martin Thomson
Sent: Monday, July 21, 2014 3:56 PM
To: Michael StJohns
Subject: Re: [TLS] Call for adoption: draft-bhargavan-tls-session-hash

On 21 July 2014 10:34, Michael StJohns <> wrote:
> How does this work with 1rtt?

There is an open question here, because the 1RTT handshake doesn't allow for the master secret to cover the certificate.  The way that the solution is formulated here (cover the server identity) isn't compatible with an encrypted certificate.  We probably need some analysis here, but the idea that was floated was that covering the (EC)DH shares could be sufficient.

I think that's a separable concern and we should consider this draft to be <= 1.2 only.  We can choose to use this solution, if it is appropriate and can be adapted for 1.3.  However, as I understand it, the current 1.3 structure doesn't allow this exact form for the fix.

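As an added illustration (not part of this thread and not the draft's own code), the binding discussed above in Python: the classic TLS 1.2 master-secret derivation sees only the two nonces, while the extended derivation from draft-bhargavan-tls-session-hash mixes in a hash of the handshake transcript, so two connections that differ only in the server Certificate end up with different master secrets. The handshake messages and secrets below are constructed stand-ins, not real TLS encodings.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    return p_sha256(secret, label + seed, length)


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Classic derivation: only the two 32-byte nonces enter the seed.
    return prf(pms, b"master secret", client_random + server_random)


def session_hash(handshake_messages: list[bytes]) -> bytes:
    # Hash of every handshake message from ClientHello up to and including
    # ClientKeyExchange, in the order sent, using the PRF hash (SHA-256 here).
    return hashlib.sha256(b"".join(handshake_messages)).digest()


def extended_master_secret(pms: bytes, handshake_messages: list[bytes]) -> bytes:
    # Session-hash draft: the transcript hash replaces the nonces as the seed.
    return prf(pms, b"extended master secret", session_hash(handshake_messages))


def compare_two_sessions() -> tuple[bool, bool]:
    """Constructed scenario: identical PMS and nonces on two connections that
    differ only in the server Certificate message.
    Returns (legacy secrets equal?, extended secrets equal?)."""
    pms = bytes.fromhex("0303") + b"\x11" * 46        # constructed RSA-style PMS
    cr, sr = b"\xaa" * 32, b"\xbb" * 32               # constructed nonces
    client_hello = b"\x01" + cr
    server_hello = b"\x02" + sr
    cke = b"\x10" + b"<encrypted-pms>"                # constructed ClientKeyExchange
    honest = [client_hello, server_hello, b"\x0b" + b"cert:honest.example", cke]
    other = [client_hello, server_hello, b"\x0b" + b"cert:other.example", cke]
    legacy_same = legacy_master_secret(pms, cr, sr) == legacy_master_secret(pms, cr, sr)
    ext_same = extended_master_secret(pms, honest) == extended_master_secret(pms, other)
    return legacy_same, ext_same
```

The legacy derivation has no input that could distinguish the two servers, which is exactly the gap the triple handshake exploits; the extended secret differs because the Certificate message is part of the hashed transcript.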