Re: [TLS] KeyUpdate and unbounded write obligations

Keith Winstein <> Wed, 24 August 2016 23:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C329212D743 for <>; Wed, 24 Aug 2016 16:02:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id u65cXC22hTw5 for <>; Wed, 24 Aug 2016 16:02:28 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4002:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 065DA12D7A4 for <>; Wed, 24 Aug 2016 16:02:27 -0700 (PDT)
Received: by with SMTP id j12so19569616ywb.2 for <>; Wed, 24 Aug 2016 16:02:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=5p4KEF9adTHbvIDw4012NrCN/AkkQceWROF9OsbXblM=; b=G2/0Q+JjiOSfQiJ73qb/fnb8eiWgeDFf7Fk7ZCFH7CfI1Fz1zX/J6adJGnwguVhOKH F6xJzdBFT2x3k0uOZfLT/IDBmOUp24lOlMp16kNN0uZIfGcnceJnmOmYRYnyvx7sK3d7 aeukcMa002zLvdMbgzRC5wUmT/yF1HChGTiDEEuztC2iA9dXz1wY5/BXKV09uKW66+ua 0mXHo+dTlnWhkwo2v4/9vh3niWm0ZFok7V5W7oi7QLynROF0v/1vSmoBxk1e7uWgcrVs aeFf2EXbR7wvWnmPtsWxSVKjjtJFSHv38/JZJXPBZMND/v+zfl0if8yV2Oyfudf09Y1k RqVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=5p4KEF9adTHbvIDw4012NrCN/AkkQceWROF9OsbXblM=; b=X3iuBEj21CVPuYrQnAE1AGunXurOx9P6N/sX47gt91CiCAmw5IAcmmRy+GduapV5vJ RynqzUhGqcKZuXJMigg+EBjlvfSlxbZsM4qN084M9AUbGNIVfpvn02ZTy1N1+SWf8PeN 4N0KM7l/XNZNHlNrq24Ry+5b8R6/fTQ8GGAqLonTIFQF16cQuN4W+/kjbG2H4PD72y9m iPy3WYKCXVB/DPpEU7DacoFGGgJzrqvoCcdgLqqhPNL/gkfxt0ixDR3ZTC7gISCrshpE rj1iG6Y6fssMQ4EzvL6KzvrMWtCQA1aVi44tNcDFGT7gyIqy3ZqddfLEf9qS09gnT+vI dWPA==
X-Gm-Message-State: AE9vXwNdD44HtcSMAMnO6VoPPBY7b3TloHlxb9AHPO/1q/BbHdBX3qtSYdZFAkCUybHJ/sdSGEUk1MB5uBuojA==
X-Received: by with SMTP id y184mr4555121ywe.85.1472079746164; Wed, 24 Aug 2016 16:02:26 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 24 Aug 2016 16:01:45 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Keith Winstein <>
Date: Wed, 24 Aug 2016 16:01:45 -0700
X-Google-Sender-Auth: Dp92vxn1COGzacHmscRhacrg8Fw
Message-ID: <>
To: Subodh Iyengar <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Cc: Adam Langley <>, "" <>
Subject: Re: [TLS] KeyUpdate and unbounded write obligations
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Aug 2016 23:02:31 -0000

Hi Subodh,

Interesting points.

On the form of the generation identifier: The draft does already
specify the generations as integers (traffic_secret_N, N+1, etc.), and
the semantics of a KeyUpdate are that when you receive one, you
increment the generation of the receive key. So the proposed
"receive_generation" field is really just echoing the generation
number back. I could imagine a different system where the KeyUpdate
instead includes an opaque identifier, and the receiving
implementation is then supposed to echo back the most recent opaque
identifier that it got. That would also provide Property P3, and so I
would be totally fine with it. But now we're talking about adding
*two* fields to a KeyUpdate (the sender's opaque identifier, and also
an echo of the most recently received opaque identifier), instead of
one field, so I'd be surprised if there were more consensus around
this alternate approach!

On the API that a TLS implementation would expose: Obviously the WG
doesn't have to specify this, but here are three APIs I could imagine:

(1) No change to current APIs. The TLS implementation itself triggers
KeyUpdate when it wants to (e.g. per recommendation on when the
underlying cipher wants to be rekeyed), but doesn't expose this to the

(2) Fire-and-forget. The TLS implementation exposes a
`rekey_session()` function, which initiates a KeyUpdate. [If we adopt
the proposal described earlier in this thread, maybe there's a boolean
parameter about whether to request a reciprocal rekey from the other

(3) Fire-and-later-check. The TLS implementation exposes #2 above, but
also `tls_session_generations()`, which returns a pair of integers
giving the current sending and receiving generations.

Any application we might want to build can be built on top of #3.


On Tue, Aug 23, 2016 at 11:47 AM, Subodh Iyengar <> wrote:
> For people that currently use keyupdates or who are planning to use key updates, which layer are you planning to trigger a key update? Would the TLS implementation itself trigger the update or would the application trigger it? For renegotation, I believe it was mostly triggered by the application.
> For the use cases you mentioned Keith, they seem to be specific to application triggered key updates, i.e. key updates do not mean anything to the TLS layer apart from I got a key update and I must change keys. The fact that other side has thrown away it's key is only meaningful to the higher layer protocol. I imagine protocols like HTTP would not add these semantics, and these semantics would be added to very specific IoT protocols? Would the scope of the auditor be defined as a part of that protocol, or does it need to be defined as a part of TLS?
> If key update is an application triggered mechanism, does the generation identifier need to be an integer to be understood by the TLS layer or could it also be an opaque identifier sent by the application. It would be much simpler not to have to deal with the requirements of consistency at the TLS layer and would make the API simpler.
> Subodh
> ________________________________________
> From: TLS [] on behalf of Keith Winstein []
> Sent: Friday, August 19, 2016 8:40 PM
> To: Stephen Farrell
> Cc: Adam Langley;
> Subject: Re: [TLS] KeyUpdate and unbounded write obligations
> On Fri, Aug 19, 2016 at 2:29 PM, Stephen Farrell
> <> wrote:
>> And for me, the dodgiest, by far. The scope for an "auditor"
>> (what is that?) actually being an attacker is IMO way too
>> high to consider standardising that kind of feature and any
>> idea that it'd involve informed consent of someone seems to
>> me fictional.
> I appreciate the sensitivity of this issue to the WG. My read of your
> email is that there's a concern that by standardizing a protocol
> mechanism that allows a node to learn when its own KeyUpdate has
> happened, the WG would imply approval of features that permit
> the bad kind of eavesdropping. Here's why I don't think that's the case:
> Our PR is for a piggyback integer field to provide security property
> P3: "An implementation can learn that its request to rekey its
> outgoing traffic has been read by the other side."
> KeyUpdate is an *instruction* to the other side: "please update my key
> in a forward-secure manner." We think some implementations will want
> to know that the instruction has been carried out. And there's an easy
> opportunity to do that here as a piggyback, without any extra protocol
> messages.
> A node will naturally care more about forward secrecy, and
> confirmation of a forward-secure ratcheting event, the more it has
> reason to suspect the keys might later be exposed to a third party. In
> Berlin, I described three escalating cases: the (1) node going to
> sleep, (2) node closing a connection without a mechanism for secure
> bidi close, and (3) node that itself intends to release keys to a
> read-only auditor after a ratchet is complete.
> By "read-only auditor," we mean a curious person or security
> researcher who owns an IoT device and wants to know what the heck it
> is sending out of their house, where the device doesn't want to allow
> its owner to add trusted certificates for an MITM. (This describes
> most such devices today.)
> Obviously I think it's valuable to make this mechanism available for
> IoT device manufacturers. Having talked to several manufacturers, I'm
> cautiously optimistic that some would use this. But the WG doesn't
> have to take a position on this. These use cases are up to
> implementers. There's nothing stopping an implementer today from
> releasing session keys, or allowing complete MITM, as is the case in
> the browser context with user- or admin-installed root CA
> certificates. The TLS WG hasn't opined on these either.
> To restate: Property P3 allows a node to learn that its KeyUpdate
> instruction has actually happened, which in our view is useful and a
> strict benefit over the status quo. It's also orthogonal to the issue
> of unbounded write obligations raised in this thread.
> -Keith
> _______________________________________________
> TLS mailing list