Re: [TLS] Semi-Static Diffie-Hellman Key Establishment for TLS 1.3

Christopher Wood <christopherwood07@gmail.com> Wed, 07 March 2018 01:28 UTC

Date: Tue, 06 Mar 2018 20:26:21 -0500
From: Christopher Wood <christopherwood07@gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>, Eric Rescorla <ekr@rtfm.com>
Message-ID: <b76b0d82-5714-4e1e-82ff-3f8af59c2c3e@Spark>
In-Reply-To: <CABcZeBON1KiUUFx9h863APxB31Poy-czNpYS1+HwZjyQxn6wEw@mail.gmail.com>
References: <CABcZeBON1KiUUFx9h863APxB31Poy-czNpYS1+HwZjyQxn6wEw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Tsjd7bZm49Tv7McCLjzkGb4rQzA>
Subject: Re: [TLS] Semi-Static Diffie-Hellman Key Establishment for TLS 1.3

Thanks for putting this together! I’m in favor of the mechanism and look forward to discussing it. Negotiating with signature_algorithms is a simple way to roll this out, it fits in cleanly with the key schedule, and the benefits outlined in the introduction (PRNG hardening, plausible deniability, etc.) seem worth the effort. Although the approach has its roots in OPTLS, we will certainly need to re-assess its impact on the handshake. (I know of some folks actively working on this.) We also need to spend more time thinking about the open issues — specifically, the story around early data encryption. This variant has the benefit of enabling early data with public key encryption, as opposed to (trackable) symmetric key encryption. It’s unclear to me whether or not we need to address the static share publication issue for this benefit.

Anyway, thanks again for the draft. I’ll read it carefully before London.

Best,
Chris

On Mar 5, 2018, 4:14 PM -0500, Eric Rescorla <ekr@rtfm.com>, wrote:
> Hi folks,
>
> Here's another entry in the DH-only pile.
>
> I've just posted:
>    draft-rescorla-tls13-semistatic-dh-00
>
> This implements a semi-static DH exchange mostly borrowed from
> OPTLS [0]. There are obviously connections with draft-putman, but
> this is more oriented towards implementing a 1-RTT style
> exchange where the client has no foreknowledge of the server's
> capabilities (though it's extensible to 0-RTT) than towards
> pre-distributed DH keys, and has less invasive changes to the
> key schedule.
>
> We'd like 10 minutes to discuss this in London.
>
> Thanks,
> -Ekr
>
> [0] http://ieeexplore.ieee.org/abstract/document/7467348/