[TLS] OPTLS paper posted
Hugo Krawczyk <hugo@ee.technion.ac.il> Thu, 15 October 2015 22:37 UTC
Return-Path: <hugokraw@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56D9B1A877E for <tls@ietfa.amsl.com>; Thu, 15 Oct 2015 15:37:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 73uPZrvk3r8b for <tls@ietfa.amsl.com>; Thu, 15 Oct 2015 15:37:55 -0700 (PDT)
Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com [IPv6:2a00:1450:4010:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0694D1A8775 for <tls@ietf.org>; Thu, 15 Oct 2015 15:37:55 -0700 (PDT)
Received: by lffv3 with SMTP id v3so53193167lff.0 for <tls@ietf.org>; Thu, 15 Oct 2015 15:37:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to:cc:content-type; bh=ikjGFAiDnL1jgKLEOhuqVQR5iX75zDEEemaBCfWuKuI=; b=joulW7vIG2RCRYuXuotOzPSGox6r9OpJYr3YNsWjeeNYrQlpFEVQYUgO5vYZ4lvfv7 nLLvH7FNHJX5vxeULAbnvDLEAq5wsuu9sNi/mb7lKUNbd1jYlqnn0+cBvgansRcidivt h8gqAlb/SksZDCOKiV03b9SoacckIjlXtBxUNw4RpJzMlXFsI4CoJhyUdiz8GkX+8bU+ 97O6PeOusI5UuLm8rvZliLH+vGUvbcByemM0awlmdQeSWmrr6d3brzaCDbADCjoJ0Ixh bqe/FAktP763Wg1CTHHI5rc/yhlTVhnLUG4eKk3/p76/AbhYw89+IjPv612TIMuyVQLU 5iiw==
X-Received: by 10.25.165.4 with SMTP id o4mr4057817lfe.4.1444948673137; Thu, 15 Oct 2015 15:37:53 -0700 (PDT)
MIME-Version: 1.0
Sender: hugokraw@gmail.com
Received: by 10.25.168.84 with HTTP; Thu, 15 Oct 2015 15:37:23 -0700 (PDT)
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Thu, 15 Oct 2015 18:37:23 -0400
X-Google-Sender-Auth: -Dajkeh_6Im8SyCWoewSjjXb_YA
Message-ID: <CADi0yUOth5bb0s8Gxz62TReUXhJHqQe-AjDBowxOtJDVk8myrQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a113f236261943605222c544e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/V-r4ufJ87lEA1yNVpwoD6EezDxE>
Cc: Hoeteck Wee <hoeteck@alum.mit.edu>
Subject: [TLS] OPTLS paper posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Oct 2015 22:37:57 -0000
The OPTLS paper (preprint) explaining the rationale of the protocol and its analysis is posted here: http://eprint.iacr.org/2015/978. The OPTLS design provides the basis for the handshake modes specified in the current TLS 1.3 draft including 0-RTT, 1-RTT variants, and PSK modes (client authentication is not covered). OPTLS dispenses with elements that are not essential to achieve the basic cryptographic security of the protocol. By following such a "minimalistic" approach, the OPTLS design provides the flexibility of building different protocol variants that provide varied performance trade-offs and security features. Some of these variants give rise to the current TLS 1.3 modes while others may be useful in the future. In the latter class it is worth noting the ability to obtain a protocol that completely eliminates online signatures while keeping most of TLS 1.3 unchanged. The analysis part of the paper covers the basics of key exchange security. More comprehensive analyses including validation of TLS 1.3 specifications and implementations is expected to be covered by future work. We would like to take this opportunity to thank the TLS Working Group for insightful discussions and invaluable feedback that led to this work. Hoeteck and Hugo
- [TLS] OPTLS paper posted Hugo Krawczyk