Re: [TLS] Limiting replay time frame of 0-RTT data
Brian Smith <brian@briansmith.org> Sat, 12 March 2016 19:33 UTC
Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DA6412D804 for <tls@ietfa.amsl.com>; Sat, 12 Mar 2016 11:33:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=briansmith-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OZj_x9XFDmra for <tls@ietfa.amsl.com>; Sat, 12 Mar 2016 11:33:39 -0800 (PST)
Received: from mail-ob0-x231.google.com (mail-ob0-x231.google.com [IPv6:2607:f8b0:4003:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 244E812D801 for <tls@ietf.org>; Sat, 12 Mar 2016 11:33:29 -0800 (PST)
Received: by mail-ob0-x231.google.com with SMTP id ts10so143036374obc.1 for <tls@ietf.org>; Sat, 12 Mar 2016 11:33:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=briansmith-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=wO7Rut2jb0Ea8iRZ1cipxjXYkJoJ6p9Ix5boUOdICqY=; b=O3/yT68wcO7qL49DQTfTfYdmG2TamLLBd+6QsfQqZYSmpr+1JhQM9KSPjQwkCxQPBZ 2t/9YzemRIAVim4TDa7w2fQw03W5G474VoC5YHzlgaAqnJ/6g70oPPllaUNQW1krKOre pzsZO5EEeT7kmguoWKxNISgWqlj2mArzATvjaOaXtwfCzMJT7nEDiHKXqmda55NCZy35 j6eqwLdBqHXk+VVOt5sUO/6DRePRpHHePJP3qua5ZQwHp7/CkSpPCE6wwo9qq6eq2GYL F1Q/IctEqRa9AgKMkqL5iwM2r/vFU3OtJrO0it7y24rfOxlfHHxp/8xdUJ36ye7cPNlr ofPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=wO7Rut2jb0Ea8iRZ1cipxjXYkJoJ6p9Ix5boUOdICqY=; b=kY9iKm1djlTQxTpvgLgMje+QRgN0c4YmrcTJvZMcgMdn5LTB4aaazMdoPLwNYqi7AE rAwUMBTrwDryl3iA99TcnUmSCbK5GGBYfY0d8MgshDEULYymPdYFSy066O4Trp4B5LIp wlxc7LmSFc1k0ogxzcMYn/m5R3+HjpImQthhg581cuWx2GI5up/4x/Rrw9xQ+sE3SYTG pqElsh4XBaCaiKiKg/QsV0KrLDpkQSzOrGSyxmIm4IcNq+Gkk3eQtTfuqkUljYefxB1z TkWvFsLBs9ulqz3YHLDUckGSn6SiXzp3CnTMM2Gd/PsEjU9FxnZ2b8YgY/C1909+pSq0 H4cw==
X-Gm-Message-State: AD7BkJJ87i500RzwqMicA9UnVoZyw8CGmBbhI6+AkdWzt1jaeE5tHlP+41t8MQCXC9QzhXXGo86wYFSB3rCV5w==
MIME-Version: 1.0
X-Received: by 10.60.128.163 with SMTP id np3mr9962369oeb.16.1457811208510; Sat, 12 Mar 2016 11:33:28 -0800 (PST)
Received: by 10.76.37.231 with HTTP; Sat, 12 Mar 2016 11:33:28 -0800 (PST)
In-Reply-To: <8A79BFEDF6986C46996566F91BB63C860D64EA3F@PRN-MBX02-1.TheFacebook.com>
References: <8A79BFEDF6986C46996566F91BB63C860D64EA3F@PRN-MBX02-1.TheFacebook.com>
Date: Sat, 12 Mar 2016 09:33:28 -1000
Message-ID: <CAFewVt4c9P7TPHvFp57C2Tinjdm1o7oEHfi5AfUW89AWDjykMA@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Kyle Nekritz <knekritz@fb.com>
Content-Type: multipart/alternative; boundary="047d7b417dc73bbbad052ddf1ff9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/VNe6Km-Eu5584t25NWMbPYM0HZ4>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Limiting replay time frame of 0-RTT data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Mar 2016 19:33:43 -0000
On Fri, Mar 11, 2016 at 10:21 AM, Kyle Nekritz <knekritz@fb.com> wrote: > Note: it’s also useful for the server to know which edge cluster the early > data was intended for, however this is already possible in the current > draft. In ECDHE 0-RTT server configs can be segmented by cluster, and with > tickets, the server can store cluster information in the opaque ticket. Shouldn't the server also put a 0-RTT timestamp in the opaque ticket and then implement the same time limiting you suggest using that timestamp? That way, the timestamp would be authenticated and would not leak the client's system time information. Note that this would be better than relying on HTTP timestamps because it would work for any protocol, not just HTTP. Cheers, Brian -- https://briansmith.org/
- [TLS] Limiting replay time frame of 0-RTT data Kyle Nekritz
- Re: [TLS] Limiting replay time frame of 0-RTT data Eric Rescorla
- Re: [TLS] Limiting replay time frame of 0-RTT data Karthikeyan Bhargavan
- Re: [TLS] Limiting replay time frame of 0-RTT data Brian Smith
- Re: [TLS] Limiting replay time frame of 0-RTT data Erik Nygren
- Re: [TLS] Limiting replay time frame of 0-RTT data Martin Thomson
- Re: [TLS] Limiting replay time frame of 0-RTT data Bill Cox
- Re: [TLS] Limiting replay time frame of 0-RTT data Jeffrey Walton
- Re: [TLS] Limiting replay time frame of 0-RTT data Ryan Hamilton
- Re: [TLS] Limiting replay time frame of 0-RTT data Kyle Nekritz
- Re: [TLS] Limiting replay time frame of 0-RTT data Colm MacCárthaigh
- Re: [TLS] Limiting replay time frame of 0-RTT data Jeffrey Walton
- Re: [TLS] Limiting replay time frame of 0-RTT data Eric Rescorla
- Re: [TLS] Limiting replay time frame of 0-RTT data Ryan Hamilton
- Re: [TLS] Limiting replay time frame of 0-RTT data Eric Rescorla
- Re: [TLS] Limiting replay time frame of 0-RTT data Bill Cox
- Re: [TLS] Limiting replay time frame of 0-RTT data Martin Thomson
- Re: [TLS] Limiting replay time frame of 0-RTT data Eric Rescorla