Re: [TLS] draft-ietf-tls-tls13 posted
Eric Rescorla <ekr@rtfm.com> Thu, 27 October 2016 05:30 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B579C129BBD for <tls@ietfa.amsl.com>; Wed, 26 Oct 2016 22:30:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x40PrR8UIGnP for <tls@ietfa.amsl.com>; Wed, 26 Oct 2016 22:30:50 -0700 (PDT)
Received: from mail-yw0-x236.google.com (mail-yw0-x236.google.com [IPv6:2607:f8b0:4002:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C72B129BA9 for <tls@ietf.org>; Wed, 26 Oct 2016 22:30:50 -0700 (PDT)
Received: by mail-yw0-x236.google.com with SMTP id p22so15581826ywe.0 for <tls@ietf.org>; Wed, 26 Oct 2016 22:30:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GutMKewEr4rTCqpZWZmJ9ve77NXDohRbqw0kt9Zg86Y=; b=NAsmeIza6EQzLcUfFpGq5LR/HKhUp1+j57zqtNyM2UHvB3JlIIgvI6IykypSlHKLBF Gs8xsdjea70Y7P6L96wkrUR/AwfDo1rASa1QTjyH1CrdxRsTv7Q8pjpTpwGSaFnto3xk wuEO9kd1OVCwvUO5bFjgY4Xn1WWrf/JgHRnP3tb/4HMDkM0p0vgoLD02E77T5GYTdOoT nIY7F2Sq/M3vtpsiI7JzWraGPLHVAc3b69k0UIUBsR+egyFYsiPAnxbEWYNRccb6xEjP MrrOCYMPCkGyIQgh8ay5FL0ccsTPSMhMhsbSLUPtdJ1hO1OoFYrPizCT1TMF00Cf31il /AoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GutMKewEr4rTCqpZWZmJ9ve77NXDohRbqw0kt9Zg86Y=; b=CyXfs5sZUtp9llzpapqRecLt07hchZ0sX/f9jiFrnGvb6E8RKA7bcqAulVJ+aAfxSJ BGf8FFRU1GMkIMjn9xA05b97+KnW36bgmQkH03oOa4nRBLmF6HvZi88BKZiFzwu+GGQ8 fFkGVzujhdU01QzvBbWesNip+a7ma4Fd3bk/wFZNxCb+lcLG4ZvUNAK74AOgtD4Ve9eM ePzGYx2kY6wq5SsM3ETOQ0bmUjSkRg86tv8hkZ2NFoO7Hbu120QAofv6c0EW6bnHfwb5 OWxYSegGx4UivLUtK8l/HYahKCrqLFDYUpYHRMKXIK8Q1Hv6Vi8zbNraHOtkpV4Sb8E2 NGdw==
X-Gm-Message-State: ABUngvcNhtTleFdLeuFgX1Zj/jHARbRPoyw7JpFhSaRrEevA2FJWnnalOR5yc3TrvBM3Q37kmcufp1JQ4coEXg==
X-Received: by 10.129.53.206 with SMTP id c197mr5020546ywa.205.1477546249850; Wed, 26 Oct 2016 22:30:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.82.210 with HTTP; Wed, 26 Oct 2016 22:30:09 -0700 (PDT)
In-Reply-To: <CANatvzwtsDJdxzM0rEwrDK5XCdnjFPT7nx5bi5YLpjDSS+xLyQ@mail.gmail.com>
References: <CABcZeBMRNf3EEtKMus9Rhy=h0y7jjxm8w1AumU=0bwY1zyiXQQ@mail.gmail.com> <CANatvzwtsDJdxzM0rEwrDK5XCdnjFPT7nx5bi5YLpjDSS+xLyQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 27 Oct 2016 16:30:09 +1100
Message-ID: <CABcZeBOc5phUGGVvzk_xExXgVTZZhhiiHLrza4KypdL=vE-YNA@mail.gmail.com>
To: Kazuho Oku <kazuhooku@gmail.com>
Content-Type: multipart/alternative; boundary="001a11421a265cc384053fd20bd2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/U_9xV6REBw3y4qdvVphXQNQMFtM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls13 posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 05:30:54 -0000
On Thu, Oct 27, 2016 at 4:27 PM, Kazuho Oku <kazuhooku@gmail.com> wrote: > Hi, > > Thank you for posting draft-18, and thank you for the simplification of > RMS. > > I have finished implementing resumption and early-data in picotls. The > effort started just before draft-17 was published, so it would be fair > to say that my effort is solely based on the up-to-date specification. > > I am happy to report that all I have found is one minor issue. > > The issue I saw is discordance between PSKIdentity.identity and > NewSessionTicket.ticket. > > In draft-18, PSKIdentity.identity is defined as <0..2^16-1>. OTOH > NewSessionTicket.ticket is <1..2^16-1>. > > Is there any reason to only allow a zero-length identity for the former? > > My understanding is that when resuming a session, the value of > NewSessionTicket.ticket is sent as PSKIdentity.identity. So to me, it > seems more natural if the permitted range of the two arrays were > equal. > > Please forgive me for the fuss if the difference is intentional. > Well, you could have an external PSK which I suppose might be zero length. But I also wouldn't argue if we required this to be nonzero length. -Ekr > 2016-10-26 14:43 GMT+09:00 Eric Rescorla <ekr@rtfm.com>: > > Folks, > > > > I have just posted draft-ietf-tls-tls13-18. > > > > The only wire format change from -17 is that I removed the extra key > > derivation stage computing resumption_psk from RMS. This was a > > holdover from when we also had a resumption context. Now PSK for > > connection N+1 = RMS from connection N. Thanks to Kazuho for > > suggesting this simplification. > > > > This draft also makes a number of minor editorial changes that > > should make for easier reading. > > > > The two remaining open technical issues I am aware of are both > > requirements issues: > > > > 1. Can you resume with a different SNI than the one that the > > connection was initiated with [current answer is "no"]? > > > > 2. Do you need an application profile to do post-handshake > > client auth [current answer is "no"]? > > > > There has been a bunch of discussion of these on the list but no > > consensus declarations from the chairs. These are easy to change > > in the draft once the chairs make the call. > > > > As always, comments welcome. > > > > -Ekr > > > > P.S. NSS will be skipping draft-17 and going right to -18. This > > should happen before Seoul. > > > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > > > > > -- > Kazuho Oku >
- [TLS] draft-ietf-tls-tls13 posted Eric Rescorla
- Re: [TLS] draft-ietf-tls-tls13 posted Kazuho Oku
- Re: [TLS] draft-ietf-tls-tls13 posted Eric Rescorla
- Re: [TLS] draft-ietf-tls-tls13 posted Kazuho Oku
- Re: [TLS] draft-ietf-tls-tls13 posted Martin Thomson