IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-cross-sni-resumption

David Benjamin <davidben@chromium.org> Wed, 11 August 2021 21:14 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C77EA3A2563 for <tls@ietfa.amsl.com>; Wed, 11 Aug 2021 14:14:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.949
X-Spam-Level:
X-Spam-Status: No, score=-9.949 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQi9szOPk_TR for <tls@ietfa.amsl.com>; Wed, 11 Aug 2021 14:14:13 -0700 (PDT)
Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AEC93A2562 for <tls@ietf.org>; Wed, 11 Aug 2021 14:14:13 -0700 (PDT)
Received: by mail-pj1-x102a.google.com with SMTP id s22-20020a17090a1c16b0290177caeba067so11813680pjs.0 for <tls@ietf.org>; Wed, 11 Aug 2021 14:14:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3aRn6Vs1hQtbWtCyvgpG3O4s76bSGMYXofnelPMCUDE=; b=Y+mguoc5+gOJitMJGBpHJa1iPddAiC6loFMVE8zxwBv9cMzJXk1R47aKBviQXTL0VH spJIzpSsWT/q8kwbjKgNlAJ3OaH32JwkU9bVjOTOkp8x7GMz5M3nn3OXHKXW4gqPyjPO R6ILJNdNDfZ0bI9zlDqDz1g3j7oxfX/R+3U7k=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3aRn6Vs1hQtbWtCyvgpG3O4s76bSGMYXofnelPMCUDE=; b=dtYL0iJ869UYttcN9LZJu/8HfBjO7drqwJm4H6MsB0OFEJ2ireg8rh/yCRYGy8JQ/B Va1ODWwZX3bYigpK+PSAbm64gQSqqCbRNFYMsi23UWyKMCCbVUcHe70UR/VkM4CrcQR3 vfGMn5Fan9HJb4WJbEuoNpkQ6glrPJADehmeZfNZs6knkbA21UqBuwlHhqN3zrTVYSth FvN4/cnExnUFcuoL3TZMIXg89c8ubeDwhaWBkOWNNj4wl6a+qNk80dRCYL9Ajpog9hGn c3zrLWOOeRMHvsj2wg0kNKopKWaVbsdWTrNcHhPWmokaRh7eUsh72317bZ1RsQQk8tW/ 80Hg==
X-Gm-Message-State: AOAM53119NYvOPZOoHwwfB6vu1GAoHSvB2Hgw6pcvEDjKPgDByYuYJL7 CM1xMTZmjj492kJqxxtZrb7haChz5EpNvzmveiFS1CA0WQ==
X-Google-Smtp-Source: ABdhPJxiiWj+5BszHWWrGrIEko09pudag31TEBVYnWWUls7Q45TWvoL+f7DLtoAGSn32kttbNHmVBCg+SGRJDJk9Zco=
X-Received: by 2002:a63:e70f:: with SMTP id b15mr688066pgi.182.1628716451020; Wed, 11 Aug 2021 14:14:11 -0700 (PDT)
MIME-Version: 1.0
References: <0ad354da-5300-4b48-8925-f7ab18cdf235@www.fastmail.com> <8d260f7a-7cbe-4980-9ed2-0120764fc476@www.fastmail.com> <9F2E90F8-3461-4D71-A3E7-A3A9FC5DA8E7@icloud.com>
In-Reply-To: <9F2E90F8-3461-4D71-A3E7-A3A9FC5DA8E7@icloud.com>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 11 Aug 2021 17:13:54 -0400
Message-ID: <CAF8qwaDSN40CmwwwbLdXNoYyWmCNepTmcAabHEOAMmG6N=01fQ@mail.gmail.com>
To: Carrick Bartle <cbartle891=40icloud.com@dmarc.ietf.org>
Cc: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000081121b05c94f19b3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T74MymBZjL6MF9KbOVwqSW9XkY0>
Subject: Re: [TLS] WGLC for draft-ietf-tls-cross-sni-resumption
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Aug 2021 21:14:20 -0000

On Wed, Aug 11, 2021 at 5:00 PM Carrick Bartle <cbartle891=
40icloud.com@dmarc.ietf.org> wrote:

> >  Notably, it still relies on the server certificate being re-validated
> against the new SNI at the
> >  session resumption time.
>
> Where is this specified? I can't find it in RFC 8446. (Sorry if I missed
> it.)
>

Does RFC 8446 actually say this? I haven't looked carefully, but I suspect,
if it says anything useful, it's implicit in how resumption works:

- If the client offers a PSK, it must be okay with the server
authenticating as that PSK for this connection
- Ticket-based PSKs carry over the server certificate from the previous
connection
- Therefore, in order to offer a ticket in a connection, the client must be
okay with that previous server certificate in the context of that
connection. Server name, trust anchors, and all.

This is another one of those cases where cross-SNI resumption is just a
more obvious example of a general principle that needs to be written down
somewhere in TLS proper. (Even with the same SNI, suppose two different
parts of my application use different trust stores. My session resumption
decisions must be consistent with that.)


> >  However, in the absence of additional signals, it discourages using a
> session ticket when the SNI value > does not match ([RFC8446], Section
> 4.6.1), as there is normally no reason to assume that all servers
> > sharing the same certificate would also share the same session keys.
>
> It'd be helpful to describe under what circumstances there is reason to
> assume that servers that share the same certificate also share the same
> session keys (and are able to take advantage of cross-SNI resumption).
>
>
> > On Jul 30, 2021, at 6:57 PM, Christopher Wood <caw@heapingbits.net>
> wrote:
> >
> > Given the few responses received thus far, we're going to extend this
> WGLC for another two weeks. It will now conclude on August 13.
> >
> > Best,
> > Chris, for the chairs
> >
> > On Fri, Jul 16, 2021, at 4:55 PM, Christopher Wood wrote:
> >> This is the working group last call for the "Transport Layer Security
> >> (TLS) Resumption across Server Names" draft, available here:
> >>
> >>
> https://datatracker.ietf.org/doc/draft-ietf-tls-cross-sni-resumption/
> >>
> >> Please review this document and send your comments to the list by July
> >> 30, 2021. The GitHub repository for this draft is available here:
> >>
> >>    https://github.com/vasilvv/tls-cross-sni-resumption
> >>
> >> Thanks,
> >> Chris, on behalf of the chairs
> >>
> >> _______________________________________________
> >> TLS mailing list
> >> TLS@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tls
> >>
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email