Re: [TLS] Single round trip abbreviated handshake

Ravi Ganesan <ravi@findravi.com> Tue, 09 February 2010 18:34 UTC

MIME-Version: 1.0
In-Reply-To: <B2A5E458-6AFC-4D5E-804C-FC719F39B8B3@lurchi.franken.de>
References: <3561bdcc1002022012s2867aac2vaa154013b62e8489@mail.gmail.com> <000601caa694$cf3e2ed0$6dba8c70$@org> <3561bdcc1002051905r24d9dadbi7d815d0d1dc4a19c@mail.gmail.com> <0d6201caa9af$d2217760$76646620$@briansmith.org> <20100209163937.D0DA76E7DF9@kilo.networkresonance.com> <B2A5E458-6AFC-4D5E-804C-FC719F39B8B3@lurchi.franken.de>
Date: Tue, 09 Feb 2010 10:35:06 -0800
Message-ID: <3561bdcc1002091035h4c92965ds497a8a4466caa14e@mail.gmail.com>
From: Ravi Ganesan <ravi@findravi.com>
To: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Content-Type: text/plain; charset="UTF-8"
Cc: tls@ietf.org
Subject: Re: [TLS] Single round trip abbreviated handshake
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2010 18:34:03 -0000

> I assume that he just "continues to use an existing DTLS connect",
> or am I wrong?
>
> Best regards
> Michael

I do not know about DTLS, but in regular TLS one cannot, say, open a
fresh socket, send a client_hello with an existing session ID, do a
change_cipher_spec and start sending data using keys from the old session.
You really need to go through the abbreviated handshake dance for a
number of reasons, including fresh keys to keep cut-and-paste attacks
at bay, etc. It would be very ironic if we ended up with holes that
were fixed in the SSL 2.0 to 3.0 transition. (See sections 3 and 4
of this paper: http://www.schneier.com/paper-ssl.pdf)
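The point made above, that resuming a session still requires the abbreviated handshake because the new ClientHello.random and ServerHello.random feed the key expansion and the Finished MACs, can be made concrete with the TLS 1.2 PRF from RFC 5246 (section 5, 6.3 and 7.4.9). The following is an added example, not code from this thread or from any TLS implementation: the master secret, session ID and random values are constructed sample data, and the handshake "transcript" is a simplified byte string rather than real TLS wire encoding.

```python
"""TLS 1.2 session resumption: why the abbreviated handshake yields fresh keys.

Added example (not from the mailing-list thread). Uses only the standard
library. The master secret, session ID, randoms and the transcript layout
below are constructed for illustration, not real TLS traffic.
"""
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246 5): A(0)=seed, A(i)=HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16, iv_len: int = 16) -> dict:
    """Key expansion (RFC 5246 6.3). Note the seed order: server_random first.
    Default sizes match an AES-128-CBC / HMAC-SHA256 cipher suite."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master_secret, b"key expansion", server_random + client_random, total)
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys


def finished_verify_data(master_secret: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """verify_data = PRF(master_secret, finished_label, Hash(handshake_messages))[0:12]
    (RFC 5246 7.4.9)."""
    digest = hashlib.sha256(handshake_messages).digest()
    return prf(master_secret, label, digest, 12)


def resume(master_secret: bytes, session_id: bytes,
           client_random: bytes, server_random: bytes):
    """Abbreviated handshake: both peers already hold master_secret for session_id.
    Only the two fresh randoms are exchanged, yet every traffic key and both
    Finished MACs depend on them, so nothing from an earlier connection carries over.
    The transcript below is a simplified stand-in for the real handshake encoding."""
    transcript = (b"ClientHello" + session_id + client_random
                  + b"ServerHello" + session_id + server_random)
    keys = key_block(master_secret, client_random, server_random)
    # Server sends ChangeCipherSpec then Finished; the client's Finished
    # covers the server's Finished message as well.
    server_fin = finished_verify_data(master_secret, b"server finished", transcript)
    client_fin = finished_verify_data(master_secret, b"client finished",
                                      transcript + server_fin)
    return keys, server_fin, client_fin


if __name__ == "__main__":
    ms = bytes(range(48))                      # constructed master secret
    sid = b"\x07" * 32                         # constructed session ID
    # Two resumptions of the same session, each with fresh randoms.
    k1, sf1, cf1 = resume(ms, sid, b"\x01" * 32, b"\x02" * 32)
    k2, sf2, cf2 = resume(ms, sid, b"\x03" * 32, b"\x04" * 32)
    print("same master secret, different client_write_key:",
          k1["client_write_key"].hex(), k2["client_write_key"].hex())
    print("old client Finished replays into new connection:", cf1 == cf2)
```

Running the script shows that two resumptions of the same session share the master secret but get different traffic keys and different Finished values, so a ClientHello that names an old session ID followed directly by ChangeCipherSpec, with no ServerHello random mixed in, would leave the peers with no agreed fresh key block and would let a captured Finished or data record from an earlier connection be pasted into the new one.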