[TLS] PR# 444, 445

Eric Rescorla <ekr@rtfm.com> Fri, 29 April 2016 00:21 UTC

Message-ID: <CABcZeBPDd8L-1tsQTexrWYdd_9FcpY22GPsUDa-mSVeifT6K_Q@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ZIbbe6PCZcawHZifPVqEfF7_TKw>

Hi folks,

I've posted two PRs:
https://github.com/tlswg/tls13-spec/pull/444
https://github.com/tlswg/tls13-spec/pull/445

These enact several consensus decisions from Buenos Aires:

1. Remove 0-RTT (EC)DHE, leaving only PSK-based 0-RTT (444)
2. Remove 0-RTT client auth (444)
3. Enhance the NewSessionTicket message to include indicators about
   permissible cipher suites and whether 0-RTT is allowed (445, but based
   on 444).

These are still a bit of a WIP but should be ready for people to take a
look (Ilari already has) to make sure that they are what you expect. In
particular, please take a look at the way I've handled the 0-RTT
parameters, which is to not explicitly signal any of them and to require
that the server use the ones from the ticket and validate that essentially
all of them match the newly negotiated parameters for the resumed session.
Ilari has suggested that we should instead only require matching for a
small number (based on individualized analysis).

-Ekr

P.S. I know that these are missing EncryptedExtensions from the client.
That's on my list to do soon.
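
The server-side check the message describes, as an added example that is not part of the original post, the TLS 1.3 draft, or either PR: the client signals none of its 0-RTT parameters, the server takes them from the ticket it issued and compares them with what it has just negotiated for the resumed session. The field names, the `TicketState`/`ResumedParams` structures, the helper `evaluate_early_data`, the particular set of parameters compared, and the `MINIMAL_PARAMS` subset standing in for Ilari's "small number" alternative are all assumptions made for this example; only the rule "use the ticket's parameters and require them to match" comes from the message.

```python
"""Illustrative 0-RTT parameter check (example code, not from the draft or PRs).

The server stores the connection parameters in force when it issues a
NewSessionTicket, plus the "0-RTT allowed" indicator PR 445 adds.  On
resumption it never receives the early-data parameters from the client;
it reuses the ticket's and refuses 0-RTT when they do not match the
freshly negotiated ones.  Which parameters must match is the open
question in the message, so it is a configurable set here.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class TicketState:
    """Parameters recorded at ticket issuance (assumed set for this example)."""
    psk_id: bytes
    version: int              # e.g. 0x0304 for TLS 1.3
    cipher_suite: int         # e.g. 0x1301, TLS_AES_128_GCM_SHA256
    alpn: Optional[bytes]     # ALPN protocol of the original connection
    server_name: Optional[bytes]
    allow_early_data: bool    # the "is 0-RTT permitted" indicator from the ticket


@dataclass(frozen=True)
class ResumedParams:
    """What the server negotiated from the resuming ClientHello (assumed shape)."""
    selected_psk_id: bytes
    version: int
    cipher_suite: int
    alpn: Optional[bytes]
    server_name: Optional[bytes]
    offered_early_data: bool


# "Essentially all of them" as in the message: everything the ticket recorded.
ALL_PARAMS: FrozenSet[str] = frozenset({"version", "cipher_suite", "alpn", "server_name"})
# A smaller subset standing in for the per-parameter alternative; the
# membership chosen here is an assumption made for this example.
MINIMAL_PARAMS: FrozenSet[str] = frozenset({"version", "cipher_suite"})


def evaluate_early_data(ticket: TicketState, resumed: ResumedParams,
                        required_match: FrozenSet[str] = ALL_PARAMS) -> Tuple[bool, str]:
    """Return (accept_0rtt, reason).

    Rejecting 0-RTT is not a handshake failure: the server discards the
    early data and continues with a normal 1-RTT handshake.
    """
    if not resumed.offered_early_data:
        return False, "client did not offer early data"
    if resumed.selected_psk_id != ticket.psk_id:
        # Early data is keyed from the PSK; if the server picked a different
        # one it cannot have the keys to read it.
        return False, "selected PSK is not the one the early data is keyed from"
    if not ticket.allow_early_data:
        return False, "ticket does not permit 0-RTT"
    for name in sorted(required_match):
        # Each required parameter is read from the ticket, never from the
        # ClientHello, and compared with the newly negotiated value.
        issued, negotiated = getattr(ticket, name), getattr(resumed, name)
        if issued != negotiated:
            return False, f"{name} differs from ticket ({issued!r} vs {negotiated!r})"
    return True, "all required parameters match the ticket"


def demo() -> Tuple[bool, bool, bool]:
    """Constructed sample: same ticket, ALPN changes on the resumed connection."""
    ticket = TicketState(b"\x01", 0x0304, 0x1301, b"h2", b"example.com", True)
    resumed = ResumedParams(b"\x01", 0x0304, 0x1301, b"http/1.1", b"example.com", True)
    strict, _ = evaluate_early_data(ticket, resumed)                   # rejected
    loose, _ = evaluate_early_data(ticket, resumed, MINIMAL_PARAMS)    # accepted
    same = ResumedParams(b"\x01", 0x0304, 0x1301, b"h2", b"example.com", True)
    exact, _ = evaluate_early_data(ticket, same)                       # accepted
    return strict, loose, exact


if __name__ == "__main__":
    print(demo())
```

The `demo` run shows the practical difference between the two positions: with the strict rule an ALPN change on the resumed connection silently downgrades the client to 1-RTT, while with a smaller required set the early data is accepted under an application protocol the client never negotiated for it. For reference, the check RFC 8446 eventually standardised (section 4.2.10) requires the PSK to be the first one offered and the TLS version, cipher suite and ALPN protocol to match the ticket's.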