Re: [TLS] Security review of TLS1.3 0-RTT

Colm MacCárthaigh <colm@allcosts.net> Thu, 04 May 2017 02:15 UTC

From: Colm MacCárthaigh <colm@allcosts.net>
Date: Wed, 03 May 2017 19:15:52 -0700
To: TLS WG <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/SWbwiQFKHH8m5p6SbbpiI1R3Bmc>

On Wed, May 3, 2017 at 6:59 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

>
> > On May 3, 2017, at 9:39 PM, Colm MacCárthaigh <colm@allcosts.net> wrote:
> >
> > As it happens, DNS queries are not idempotent.  Queries have
> > side-effects,
>
> This is sufficiently misleading to be false.


What I'm trying to get at is that idempotency is hard. Even the simplest
things that seem idempotent often are not. It's really really hard to do a
deep review. And that's if people even know to perform the review.

<Your next two points are good, just cut for length>

> > Many providers throttle DNS queries (and TLS is intended as a mechanism
> > to help prevent the ordinary spoofability of DNS queries).
>
> Again the client is unauthenticated, throttling is by IP address, there's
> no need to repeat the same payload, indeed that's less effective since
> throttling is biased towards queries for non-existent names, ...
>

It's not always by IP address. Anti-DDoS is much more nuanced in my
experience, and often takes the QNAME into account.

>
> Throttling is mostly for UDP, for lack of BCP-38 implementation.  DNS
> over TLS *is* a good candidate for 0-RTT.  [ I would have chosen a more
> simple protocol for DNS security than TLS, but given that DNS over TLS
> seems to be moving forward, 0-RTT makes sense. ]
>

+1 to that too!

-- 
Colm
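
Added example, not part of the original message or of any implementation discussed on the list: a small model of the side effect argued about above. A throttle keyed on client address and QNAME changes state on every query it processes, so a 0-RTT query delivered more than once is not equivalent to one delivered once. The class names, the fixed-window policy, the digest-based replay check and the sample deliveries are all assumptions constructed for illustration.

```python
import hashlib

class QnameThrottle:
    """Fixed-window query counter keyed on (client, QNAME)."""
    def __init__(self, limit, window=1.0):
        self.limit, self.window = limit, window
        self.counts = {}  # (client, qname, window index) -> queries counted

    def allow(self, client, qname, now):
        key = (client, qname.lower().rstrip("."), int(now // self.window))
        # Side effect: every processed query changes state, answered or not.
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] <= self.limit

class EarlyDataGuard:
    """Assumed anti-replay check: remembers a digest of each accepted flight."""
    def __init__(self):
        self.seen = set()

    def first_time(self, flight):
        digest = hashlib.sha256(flight).digest()
        if digest in self.seen:
            return False
        self.seen.add(digest)
        return True

def serve(deliveries, throttle, guard=None):
    """Process (time, client, qname, flight) tuples; return one outcome each."""
    outcomes = []
    for now, client, qname, flight in deliveries:
        if guard is not None and not guard.first_time(flight):
            outcomes.append("DROPPED-REPLAY")  # never reaches the throttle
        elif throttle.allow(client, qname, now):
            outcomes.append("ANSWER")
        else:
            outcomes.append("REFUSED")
    return outcomes

# Constructed sample: one 0-RTT query, three byte-identical copies of it,
# then a new query from the same client for the same name.
FIRST, SECOND = b"constructed-0rtt-flight-1", b"constructed-0rtt-flight-2"
DELIVERIES = [(t, "192.0.2.10", "www.example.com.", FIRST)
              for t in (0.0, 0.1, 0.2, 0.3)]
DELIVERIES.append((0.5, "192.0.2.10", "www.example.com.", SECOND))

def compare(limit=2):
    """Return (outcomes without the guard, outcomes with the guard)."""
    without = serve(DELIVERIES, QnameThrottle(limit))
    guarded = serve(DELIVERIES, QnameThrottle(limit), EarlyDataGuard())
    return without, guarded
```

Without the guard the duplicate deliveries use up the per-name budget and the client's second, genuine query is refused; with it the duplicates are dropped before the counter is touched.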