[TLS] Re: Adoption call for TLS 1.2 Update for Long-term Support

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 22 November 2024 09:55 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: David Benjamin <davidben@chromium.org>
CC: TLS List <tls@ietf.org>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Xuo0iJM8c-pb-6JrxLg4S08vAxw>

David Benjamin <davidben@chromium.org> writes:

>Given that the new client_server_hello_hash fully overlaps with the old
>client_random (totally under the client's control) and then the new params
>overlap with the old server_random (totally under the server's control),
>it's... not immediately obvious to me whether this is fine.

If I'm reading your comment correctly then I'm not sure how that could be
exploitable; an attacker only controls one side and even if they didn't, to
move the signature across from LTS -> TLS you'd have to stuff the entire
client and server hello into the client/server_random contained within them in
order to get the same hash value.  Since this is fixed at 32 bytes, or 64 if
you control both client and server, it's not really possible, and going TLS ->
LTS is a complete non-starter.

Peter.
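
An added illustration of the byte layouts discussed in this exchange (not code from the thread or from the TLS-LTS draft): it builds the TLS 1.2 ServerKeyExchange signed input from RFC 5246 beside the TLS-LTS one, and shows the circular condition a cross-protocol match would need. The TLS-LTS layout used here (SHA-256 over ClientHello || ServerHello, then the params), the toy hello format and every sample value are assumptions constructed for the example.

```python
import hashlib

# Constructed sample values, not captured traffic.
SERVER_RANDOM = bytes(range(32, 64))
REST_C = b"constructed-client-hello-fields"
REST_S = b"constructed-server-hello-fields"
# ECDHE-style params: named_curve(3), secp256r1 (0x0017), 65-byte point.
PARAMS = b"\x03\x00\x17\x41" + bytes(range(65))

def toy_hello(random32, rest):
    # Stand-in for a hello message: version, 32-byte random, other fields.
    return b"\x03\x03" + random32 + rest

def hello_hash(client_random, server_random):
    # Assumed TLS-LTS client_server_hello_hash: SHA-256 over both hellos.
    ch = toy_hello(client_random, REST_C)
    sh = toy_hello(server_random, REST_S)
    return hashlib.sha256(ch + sh).digest()

def tls12_signed_input(client_random, server_random, params):
    # RFC 5246: the signature covers both randoms, then the params.
    return client_random + server_random + params

def lts_signed_input(client_random, server_random, params):
    # Assumed TLS-LTS layout: hello hash, then the params.
    return hello_hash(client_random, server_random) + params

def slice_as_tls12(signed_input):
    # How a TLS 1.2 verifier would carve up the same signed bytes.
    return signed_input[:32], signed_input[32:64], signed_input[64:]

def fixed_point_holds(client_random, server_random):
    # A match needs the hash of the hellos to equal the client_random
    # that is itself inside the hashed ClientHello.
    return hello_hash(client_random, server_random) == client_random

def chase_fixed_point(server_random, rounds=1000):
    # Feed each hash back in as the next client_random; the hash moves
    # every time the hello changes, so the condition is never met.
    cr = bytes(32)
    for _ in range(rounds):
        if fixed_point_holds(cr, server_random):
            return True
        cr = hello_hash(cr, server_random)
    return False

if __name__ == "__main__":
    cr, sr, tail = slice_as_tls12(lts_signed_input(bytes(32), SERVER_RANDOM, PARAMS))
    print("hash sits where client_random would be:", cr.hex())
    print("params prefix sits where server_random would be:", sr.hex())
    print("fixed point found:", chase_fixed_point(SERVER_RANDOM))
```
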