Re: [TLS] Remove DH-based 0-RTT

Wan-Teh Chang <wtc@google.com> Tue, 23 February 2016 19:24 UTC

In-Reply-To: <CABkgnnUUXQh=aStz4DuPtw5mWaF7aDFozuUwQp_QbJ2EGL0eHg@mail.gmail.com>
References: <CABkgnnUUXQh=aStz4DuPtw5mWaF7aDFozuUwQp_QbJ2EGL0eHg@mail.gmail.com>
Date: Tue, 23 Feb 2016 11:24:00 -0800
Message-ID: <CALTJjxEKL2WYt2BV6QupYwk0tSyHMjTLnfJROKj2G1gYLauBpA@mail.gmail.com>
From: Wan-Teh Chang <wtc@google.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/TbJeAFYVnlgvRy3lp5hIAxZZGBI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Remove DH-based 0-RTT
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

DH-based 0-RTT requires server configuration, which is all public
information and can be safely stored on disk. This makes it easy to do
0-RTT after an application restart.

PSK-based 0-RTT requires PSK, which is secret key material. Storing
PSKs on disk requires special care. Without storing PSKs on disk, we
can't do 0-RTT after an application restart.

It seems sufficient to just ban client authentication in replayable
DH-based 0-RTT. Why remove DH-based 0-RTT altogether?

Wan-Teh Chang
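The trade-off this message describes, as an added toy model written for this page (it is not part of the message, the TLS 1.3 drafts, or any TLS library): a client caches either the server's semi-static DH public share or a PSK to disk, restarts, reloads only the file, and sends 0-RTT data. The model assumes a finite-field DH group with the RFC 2409 group 2 prime (any large prime works for the illustration), HKDF-SHA256 with an empty salt, and a throwaway "XOR keystream plus HMAC tag" cipher in place of a real AEAD; the record layouts, `Server` class and `run` helper are invented for the example.

```python
"""Toy model of DH-based vs PSK-based 0-RTT (example code, not a TLS stack)."""
import hashlib
import hmac
import json
import secrets

# 1024-bit MODP prime from RFC 2409 group 2, generator 2. Assumed adequate for
# illustration only; a real stack would use an elliptic-curve group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out += t
        i += 1
    return out[:length]


def dh_keygen():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv: int, pub: int) -> bytes:
    return pow(pub, priv, P).to_bytes(NBYTES, "big")


def seal(key: bytes, msg: bytes) -> bytes:
    """Toy AEAD: HKDF keystream XOR plus HMAC-SHA256 tag. Not a real cipher."""
    ct = bytes(a ^ b for a, b in zip(msg, hkdf(key, b"stream", len(msg))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, hkdf(key, b"stream", len(ct))))


class Server:
    """Holds the semi-static DH private key and the PSK database (invented layout)."""

    def __init__(self):
        self.ss_priv, self.ss_pub = dh_keygen()
        self.psks = {"ticket-1": secrets.token_bytes(32)}

    def configuration(self) -> dict:
        # Everything here is public: safe for a client to write to disk.
        return {"mode": "dh", "server_pub": hex(self.ss_pub)}

    def psk_ticket(self) -> dict:
        # The PSK itself is in the record: secret key material on disk.
        return {"mode": "psk", "psk_id": "ticket-1", "psk": self.psks["ticket-1"].hex()}

    def accept_early_data(self, flight: dict):
        # No server-side freshness in either mode, so a replayed flight decrypts too.
        if flight["mode"] == "dh":
            key = hkdf(dh_shared(self.ss_priv, int(flight["client_pub"], 16)), b"early")
        else:
            key = hkdf(self.psks[flight["psk_id"]], b"early")
        return open_(key, bytes.fromhex(flight["ciphertext"]))


def client_zero_rtt(cache: dict, app_data: bytes) -> dict:
    """Build a 0-RTT flight from a cache record reloaded from disk."""
    if cache["mode"] == "dh":
        eph_priv, eph_pub = dh_keygen()
        key = hkdf(dh_shared(eph_priv, int(cache["server_pub"], 16)), b"early")
        return {"mode": "dh", "client_pub": hex(eph_pub), "ciphertext": seal(key, app_data).hex()}
    key = hkdf(bytes.fromhex(cache["psk"]), b"early")
    return {"mode": "psk", "psk_id": cache["psk_id"], "ciphertext": seal(key, app_data).hex()}


def decrypt_with_cache_only(cache: dict, flight: dict):
    """What someone who copied the client's cache file gets from a captured flight.
    The PSK record contains the key. The DH record holds only the server's public
    share; the early key needs a private scalar that is neither on disk nor on the wire."""
    if cache["mode"] == "psk":
        return open_(hkdf(bytes.fromhex(cache["psk"]), b"early"), bytes.fromhex(flight["ciphertext"]))
    return None


def run(mode: str) -> dict:
    srv = Server()
    record = srv.configuration() if mode == "dh" else srv.psk_ticket()
    on_disk = json.dumps(record)            # the only thing surviving an app restart
    cache = json.loads(on_disk)             # "restart": reload from the file alone
    flight = client_zero_rtt(cache, b"GET / HTTP/1.1")
    first = srv.accept_early_data(flight)
    replayed = srv.accept_early_data(flight)   # attacker resends the same flight
    leaked = decrypt_with_cache_only(cache, flight)
    return {"accepted": first, "replay_accepted": replayed == first,
            "cache_leaks_plaintext": leaked == first}


if __name__ == "__main__":
    for m in ("dh", "psk"):
        print(m, run(m))
```

Running it shows both modes resume 0-RTT from disk after the restart and both accept the replayed flight, which is why the message argues for banning client authentication in replayable 0-RTT rather than dropping the DH mode; only the PSK record lets whoever reads the file decrypt the captured early data.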