Re: [TLS] KeyUpdate and unbounded write obligations

Keith Winstein <> Sat, 20 August 2016 03:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 688DD12D59D for <>; Fri, 19 Aug 2016 20:40:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JCH6ZUwfw0iS for <>; Fri, 19 Aug 2016 20:40:54 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D47E712D593 for <>; Fri, 19 Aug 2016 20:40:53 -0700 (PDT)
Received: by with SMTP id e31so21695119ybi.3 for <>; Fri, 19 Aug 2016 20:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=+lIoMlbHxKypy9PBnb28hhcThe5rFyqtALDtAiXFIa4=; b=UjWkejuP/+alTJ/TaJxco65FEyCoVMRy9sgy22xssDaraqNgo+9YNpcqQ3PcaWZAe8 YQrmKuq2K1FK/zD3/rAUmuFFIW+kvh++czZBXoqRMpoHgc/hUGJG04qgCQz+Zt6EWwNz QDRFuK6R9AAVaO0tVw/8lk+GijYaHDmV3Mjp93HnBgkHui2vO0/XVAoF4glnGzPSwnnf F5DJpGIgybMf3UzmhocACnLjYnV4WKh2eywPBH/L4Ca+7h+2CpLNp4g9WV58GvucpBWf OuaAJYN620tN2xAdUaUsw8dCFQ1JcOb8rty1rAjIGEbkk8kFWbyl/Flx9woN41uUiN2I UejA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=+lIoMlbHxKypy9PBnb28hhcThe5rFyqtALDtAiXFIa4=; b=RXNNnmwahsDyShgtOWWlpl6zfKX3acc9qEL2ObELRFD/SbbtUerEF92rkdOiz+OW4h KmVhpJyX8vHmem4OCD7fFP5uEOm7th5wvyP2KbY2DNACcbaAs6jEIGaGRuq7tVuJuscw 9ngcU0dk1gmf0Uzg1bjxgo6BZUM0PAUanj3Ax6DWqCw2hxRnanf0VZDqrraNMPPoJUwQ NraIGesV4YnuHQnSAGGKE8Nyi5stQbU3D5BaGE0TMkjXEYtTampV0XpV1c2tpSFwL8s6 zE1foLszLvaQbeAGIbTbnyZ8QZLRHSNG9M0vAX8JeRH1+Kfd93OSVZmXStfWY3QB/23C XmLw==
X-Gm-Message-State: AEkoous6NWSX4ovLof4BVleQ5G5/QM7xL9BHesVafWJ3WP0HAg96VJCKn+FFTG1/hsj00txIc6Ona9qjAyeSaw==
X-Received: by with SMTP id d84mr8274826ybb.165.1471664453040; Fri, 19 Aug 2016 20:40:53 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 19 Aug 2016 20:40:12 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Keith Winstein <>
Date: Fri, 19 Aug 2016 20:40:12 -0700
X-Google-Sender-Auth: lcjwkQxk_dGL93lj35MQeZKILGU
Message-ID: <>
To: Stephen Farrell <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Cc: Adam Langley <>, "" <>
Subject: Re: [TLS] KeyUpdate and unbounded write obligations
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 20 Aug 2016 03:40:56 -0000

On Fri, Aug 19, 2016 at 2:29 PM, Stephen Farrell
<> wrote:
> And for me, the dodgiest, by far. The scope for an "auditor"
> (what is that?) actually being an attacker is IMO way too
> high to consider standardising that kind of feature and any
> idea that it'd involve informed consent of someone seems to
> me fictional.

I appreciate the sensitivity of this issue to the WG. My read of your
email is that there's a concern that by standardizing a protocol
mechanism that allows a node to learn when its own KeyUpdate has
happened, the WG would imply approval of features that permit
the bad kind of eavesdropping. Here's why I don't think that's the case:

Our PR is for a piggyback integer field to provide security property
P3: "An implementation can learn that its request to rekey its
outgoing traffic has been read by the other side."

KeyUpdate is an *instruction* to the other side: "please update my key
in a forward-secure manner." We think some implementations will want
to know that the instruction has been carried out. And there's an easy
opportunity to do that here as a piggyback, without any extra protocol

A node will naturally care more about forward secrecy, and
confirmation of a forward-secure ratcheting event, the more it has
reason to suspect the keys might later be exposed to a third party. In
Berlin, I described three escalating cases: the (1) node going to
sleep, (2) node closing a connection without a mechanism for secure
bidi close, and (3) node that itself intends to release keys to a
read-only auditor after a ratchet is complete.

By "read-only auditor," we mean a curious person or security
researcher who owns an IoT device and wants to know what the heck it
is sending out of their house, where the device doesn't want to allow
its owner to add trusted certificates for an MITM. (This describes
most such devices today.)

Obviously I think it's valuable to make this mechanism available for
IoT device manufacturers. Having talked to several manufacturers, I'm
cautiously optimistic that some would use this. But the WG doesn't
have to take a position on this. These use cases are up to
implementers. There's nothing stopping an implementer today from
releasing session keys, or allowing complete MITM, as is the case in
the browser context with user- or admin-installed root CA
certificates. The TLS WG hasn't opined on these either.

To restate: Property P3 allows a node to learn that its KeyUpdate
instruction has actually happened, which in our view is useful and a
strict benefit over the status quo. It's also orthogonal to the issue
of unbounded write obligations raised in this thread.