Re: [TLS] Rethink TLS 1.3

Henrick Hellström <henrick@streamsec.se> Mon, 24 November 2014 10:53 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/YZAiTT6DhzoETxGm_fwny39cnLU

On 2014-11-24 11:42, Nico Williams wrote:
> On Mon, Nov 24, 2014 at 11:30:58AM +0100, Henrick Hellström wrote:
>> Actually, no, it doesn't. The Internet threat model is based on the
>> premise that both ends are uncompromised. If the client is allowing
>> third party javascript to connect to arbitrary HTTPS servers,
>> impersonating the client that runs the script, that client is
>> compromised.
>
> The Internet threat model always will have to assume local security.
>
> We're designing TLS.  We are not really in a position to dictate to
> applications that they must not use cookies (though we can and must
> state clearly what applications can expect from TLS), especially not
> since we can (and must) make TLS 1.3 resistant to BEAST/CRIME style
> attacks (we shouldn't make apps change unnecessarily).  This is NOT a
> defense of the web security model, BTW, please don't mistake it as such.

Yes, but the point I am trying to make is that if the implied goal is
to make TLS resilient even against BEAST/CRIME style attacks, the threat 
model should be defined accordingly. It makes little sense to ask for 
cryptographic review of the protocol, if it is inherently unclear 
exactly what kind of threats the protocol is designed to withstand.