Re: [TLS] Call for adoption: draft-bhargavan-tls-session-hash

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 21 July 2014 21:43 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Martin Thomson <martin.thomson@gmail.com>, Michael StJohns <msj@nthpermutation.com>
Date: Mon, 21 Jul 2014 21:43:10 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/SEscYQEeqgFSEzrvQzZ9UDXWPx4
Cc: "tls@ietf.org" <tls@ietf.org>

I agree with Martin on this, and also think more generally that TLS 1.3 should not rely on extensions to fix known problems such as triple handshake. Since the issue is known at the time of TLS 1.3 design, IMHO the fix should be an integral part of TLS 1.3.

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Martin Thomson
Sent: Monday, July 21, 2014 3:56 PM
To: Michael StJohns
Cc: tls@ietf.org
Subject: Re: [TLS] Call for adoption: draft-bhargavan-tls-session-hash

On 21 July 2014 10:34, Michael StJohns <msj@nthpermutation.com> wrote:
> How does this work with 1rtt?

There is an open question here, because the 1RTT handshake doesn't allow for the master secret to cover the certificate.  The way that the solution is formulated here (cover the server identity) isn't compatible with an encrypted certificate.  We probably need some analysis here, but the idea that was floated was that covering the (EC)DH shares could be sufficient.

I think that's a separable concern and we should consider this draft to be <= 1.2 only.  We can choose to use this solution, if it is appropriate and can be adapted for 1.3.  However, as I understand it, the current 1.3 structure doesn't allow this exact form for the fix.

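An added illustration, not part of this email thread or of the draft's text: what "cover the server identity" means for TLS <= 1.2, comparing the RFC 5246 master secret with one derived from a hash of the handshake transcript. The `extended master secret` label and the SHA-256 PRF follow RFC 5246 and RFC 7627 (the published form of this draft); the handshake message encodings and all sample values are simplified, constructed stand-ins.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # RFC 5246: only the pre-master secret and the two randoms are inputs.
    return p_sha256(pms, b"master secret" + client_random + server_random, 48)


def extended_master_secret(pms: bytes, handshake_messages: list) -> bytes:
    # RFC 7627: session_hash covers the handshake messages up to and including
    # ClientKeyExchange, so the server Certificate is an input.
    session_hash = hashlib.sha256(b"".join(handshake_messages)).digest()
    return p_sha256(pms, b"extended master secret" + session_hash, 48)


def transcript(client_random, server_random, certificate, client_key_exchange):
    # Assumption: tagged byte strings stand in for the real wire encodings.
    return [b"CH" + client_random, b"SH" + server_random,
            b"CERT" + certificate, b"CKE" + client_key_exchange]


def compare_sessions():
    """Two sessions sharing pms and randoms but presenting different certificates."""
    pms = bytes(range(48))                    # constructed sample value
    cr, sr = b"\x01" * 32, b"\x02" * 32       # constructed sample values
    cke = b"constructed-key-exchange"
    t1 = transcript(cr, sr, b"certificate-of-server-A", cke)
    t2 = transcript(cr, sr, b"certificate-of-server-B", cke)
    legacy_equal = legacy_master_secret(pms, cr, sr) == legacy_master_secret(pms, cr, sr)
    extended_equal = extended_master_secret(pms, t1) == extended_master_secret(pms, t2)
    return legacy_equal, extended_equal


if __name__ == "__main__":
    print(compare_sessions())
```

The legacy derivation has no certificate input, so both sessions end up with the same master secret; the transcript-bound derivation separates them.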