Re: [TLS] draft-ietf-tls-tls-13-17 posted
Kazuho Oku <kazuhooku@gmail.com> Thu, 20 October 2016 19:43 UTC
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Fri, 21 Oct 2016 04:43:33 +0900
Message-ID: <CANatvzybB2LGPP+H_n+5kx++RDN70Xe29_jXT73foT_V_OCd4A@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Wwcsmfn9HUvCNq7sBzQCEUym7uI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls-13-17 posted
Hello,

It's great to see draft-17 being published. Thank you all for the effort.

Maybe the addition of extensions field to the Certificate message got
lost in the changelog?
https://github.com/tlswg/tls13-spec/pull/654

My understanding has been that it was a post-16 change and it changes
the wire protocol.

2016-10-21 1:32 GMT+09:00 Eric Rescorla <ekr@rtfm.com>:
> Folks,
>
> I have just uploaded draft-ietf-tls-tls13-17.
>
> The major change in this draft is the removal of the 0-RTT Finished
> and resumption_context constructs and their replacement with the
> psk_binder. This has a number of side effects:
>
> - Binds in the original transcript into the resumed handshake
>   whenever resumption-PSK is used.
>
> - Provides proof of possession of the RMS by the client (subject
>   to replay issues). I've moved the obfuscated_ticket_age field
>   out of the early_data_indication so that it now provides the
>   same limited anti-replay for non-0-RTT PSK.
>
> - Removes the need for any early handshake encryption. This change,
>   along with the dual key ladders we introduced in -16, also allowed
>   us to simplify the traffic key expansion so we don't need explicit
>   labels for each key (they are already used in Derive-Secret).
>
>
> Other changes included:
> - Tweaking the PSK key exchange modes a bit (and removing the
>   inoperative ability to specify PSK auth modes, while leaving
>   a hook to do it later).
>
> - Cleaned up the cipher suite requirements for resumption and 0-RTT.
>   You can resume/do PSK as long as the PSK KDF matches, but to do 0-RTT
>   you need the whole cipher suite must match.
>
>
> This revision resolves all the outstanding technical PRs [0] and all but
> one of the non-parked technical issues (#144, whether we should remove the
> redundant TLSCipherText.opaque_type and TLSCipherText.record_version
> fields). We are pursuing measurements to resolve whether this will
> be a compat problem but we don't have them yet.
>
> As usual, comments welcome. We are already working on implementing
> -17 in NSS/Firefox and should have it before Seoul.
>
> -Ekr
>
> Full Changelog
> - Remove the 0-RTT Finished, resumption_context, and replace with a
>   psk_binder field in the PSK itself (*)
>
> - Restructure PSK key exchange negotiation modes (*)
>
> - Add max_early_data_size field to TicketEarlyDataInfo (*)
>
> - Add a 0-RTT exporter and change the transcript for the regular exporter
>   (*)
>
> - Merge TicketExtensions and Extensions registry. Changes
>   ticket_early_data_info code point (*)
>
> - Replace Client.key_shares in response to HRR (*)
>
> - Remove redundant labels for traffic key derivation (*)
>
> - Harmonize requirements about cipher suite matching: for resumption you
>   need to match KDF but for 0-RTT you need whole cipher suite. This
>   allows PSKs to actually negotiate cipher suites. (*)
>
> - Explicitly allow non-offered extensions in NewSessionTicket
>
> - Explicitly allow predicting ClientFinished for NST
>
> - Clarify conditions for allowing 0-RTT with PSK
>
>
> [0] The two remaining outstanding PRs are:
> #680: Forbid post-handshake authentication except when permitted by
> application profile. This is almost entirely a requirements-level
> change, though it would allow clients to send "unexpected_message"
> when receiving an unexpected CertificateRequest.
>
> #612: TLS 1.3 -> TLS 2.0
> This has no change on the wire format.
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

-- 
Kazuho Oku