Re: [TLS] Remove DH-based 0-RTT
Martin Thomson <martin.thomson@gmail.com> Wed, 24 February 2016 15:54 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B9691ACEF7 for <tls@ietfa.amsl.com>; Wed, 24 Feb 2016 07:54:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ejEAfRGxiAX9 for <tls@ietfa.amsl.com>; Wed, 24 Feb 2016 07:54:28 -0800 (PST)
Received: from mail-io0-x22c.google.com (mail-io0-x22c.google.com [IPv6:2607:f8b0:4001:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0AB31A92E4 for <tls@ietf.org>; Wed, 24 Feb 2016 07:54:27 -0800 (PST)
Received: by mail-io0-x22c.google.com with SMTP id g203so47670960iof.2 for <tls@ietf.org>; Wed, 24 Feb 2016 07:54:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Od9Vt1ZjuMkdtrn9+GFbTaBwGCo5oRf7T1ymAq/Yvi8=; b=OSSHQNSMJ9Gd6NmHqyKgvjhZGPfPAmHoy9K3C3XiXp1TS3UssmaFHDXYMMX2pspaW2 b6wAyk8oeJOEbVlaKI0pPAHHG9/mvI03E6WZ9mtj7EA3Renh/6wAeIUMThfhOe/2lq4I zejaPBcN9+eUPXkg2AmIsZ/ESIVh34gDnaBmnuFJ154gN2MKSBTdUMVaZomkGTFmHpmB YJfAf1O4Fvg2GQ3lz4PDi5ENnwqjU1nNcW5NWhrKQ1IcjFjtkAxuiIsCk8el7qvJ53r4 F7OakvV4A39pv3h9x8EssJ4k+brFR2Tn1fo/NuceZ2hPddCu0av8C6CmJSj/nArcjApx 2nog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Od9Vt1ZjuMkdtrn9+GFbTaBwGCo5oRf7T1ymAq/Yvi8=; b=U03PSbHt7GMzu5jkK59whgLAT7mM5aTsFvy+AlYViCsTfEJW+5RkH+IMyBw3JQKIaP 574tJhnyN37cV2Ze0grrNgqLbyLP/jzGmGRpofORfKUE/oQviuan6Dlz4fEnUZS2pEQ5 V38f2jLD9RrQW2+A0/+E0YVa9DbFz/Fpx5z4+Z+Wp9eEtLK544VuhwpwJcin0+RMxpST KbwLedRw3U+XdCgtmhjAwcajol59giEblwdPqW8BcpyV/qAoeW2vwKtCYQfTgUl5PzSp c4C9Qs1F1PzSqR9gu4f6O21tzgy9CkXHuqBMVex2rLCfnd+Wz75F1gpeG8Qp9fKH58Sm onpQ==
X-Gm-Message-State: AG10YORtMqhk+R8lvjkCHCwtwRwj5RrqmAmK/0nCOnalURbgk6Pcow9ZVtG9wLsr6SQLE+K5jEHBLeE58HVdLw==
MIME-Version: 1.0
X-Received: by 10.107.131.27 with SMTP id f27mr41809460iod.190.1456329267267; Wed, 24 Feb 2016 07:54:27 -0800 (PST)
Received: by 10.36.53.79 with HTTP; Wed, 24 Feb 2016 07:54:27 -0800 (PST)
In-Reply-To: <974CF78E8475CD4CA398B1FCA21C8E99564E7F92@PRN-MBX01-4.TheFacebook.com>
References: <CABkgnnUUXQh=aStz4DuPtw5mWaF7aDFozuUwQp_QbJ2EGL0eHg@mail.gmail.com> <201602232057.18505.davemgarrett@gmail.com> <CADi0yUP-TAFPWgzG4voFTfUcbrPXcffC5rTTsbsOs+=TQ7jYmw@mail.gmail.com> <CACsn0cnoCNLPY3ic9Z72ZgUuvCwTyxzzGXU5W8LeZ4zBEwpHVw@mail.gmail.com> <CABcZeBNCgfdsBioP8_9E2Jrh0WDLHjW0QS+x=99LqdYnYwsbuw@mail.gmail.com> <974CF78E8475CD4CA398B1FCA21C8E99564E7F92@PRN-MBX01-4.TheFacebook.com>
Date: Wed, 24 Feb 2016 07:54:27 -0800
Message-ID: <CABkgnnX-+_fxAg=uJzDri-58+Ax0w2paQee8AEai-tCGCDv63A@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Subodh Iyengar <subodh@fb.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/X-7eKeEaT3W0vb7WiG3YWCGxuw8>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Remove DH-based 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2016 15:54:29 -0000
On 24 February 2016 at 07:44, Subodh Iyengar <subodh@fb.com> wrote: > Unless we add a way for the client to require a server authentication during > PSK resumption. I have been arguing for this now for a while. If there is an incentive to do "PSK resumption" (there is), and that does not provide the client a way to verify server certificates, then clients are forced to make a choice between performance and checking that the server holds the private key for the certificate. I'd like to see a mode where 0-RTT is grafted on to a full handshake with DHE and signing. Unfortunately, that gives us an almost full matrix of options: PSK only PSK + DHE PSK + DHE + signing DHE + signing But at least we can remove "DH0RTT + DHE + signing" and maybe other combinations (though which ones we have currently isn't 100% clear to me).
- [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Wan-Teh Chang
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Andrei Popov
- Re: [TLS] Remove DH-based 0-RTT Dave Garrett
- Re: [TLS] Remove DH-based 0-RTT Bill Cox
- Re: [TLS] Remove DH-based 0-RTT Hugo Krawczyk
- Re: [TLS] Remove DH-based 0-RTT Watson Ladd
- Re: [TLS] Remove DH-based 0-RTT Eric Rescorla
- Re: [TLS] Remove DH-based 0-RTT Subodh Iyengar
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Watson Ladd
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Ilari Liusvaara
- Re: [TLS] Remove DH-based 0-RTT Martin Thomson
- Re: [TLS] Remove DH-based 0-RTT Ilari Liusvaara
- Re: [TLS] Remove DH-based 0-RTT Karthikeyan Bhargavan
- Re: [TLS] Remove DH-based 0-RTT Ilari Liusvaara