IETF Logo Mail Archive

Re: [TLS] extending the un-authenticated DTLS header

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 16 November 2016 02:03 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DB64129411 for <tls@ietfa.amsl.com>; Tue, 15 Nov 2016 18:03:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.798
X-Spam-Level:
X-Spam-Status: No, score=-5.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XDm4ftyhH-Yo for <tls@ietfa.amsl.com>; Tue, 15 Nov 2016 18:03:32 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BACBD128874 for <tls@ietf.org>; Tue, 15 Nov 2016 18:03:31 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EEF5BBE39; Wed, 16 Nov 2016 02:03:28 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v_CYf2LghwDs; Wed, 16 Nov 2016 02:03:27 +0000 (GMT)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 3394ABE38; Wed, 16 Nov 2016 02:03:27 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1479261807; bh=ZOCoFozzBRTKsLo/rudU3kVQfU6ek5OMHXXZ3gf3EM0=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=OqdM6NGchuW92wtgUsTViFVxE7Qr3k5swPYkHVVSWdXPmoUBL/XKtf/NU1NNDnSsn OZ+LmTIWnMhxvm1X1PvzTB0/hlqkRR6W+CeoFzQ51PgEdR4QoLRXY1g1vgo4O6w+kC iGSnbrL20EDvqYCTjvX7j3PI0FGY8bhv8YSrhwXA=
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Eric Rescorla <ekr@rtfm.com>
References: <1479128315.2624.62.camel@redhat.com> <058f1681-9ecf-22db-1b88-2313491c7b72@cs.tcd.ie> <CABcZeBNGFGx60gjp41YV8a9G0GOPfbdhAQuzqpBrFjRq6WnogA@mail.gmail.com> <HE1PR0802MB2475780DD8B4516827AF0BF9FABE0@HE1PR0802MB2475.eurprd08.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <a79f678a-1e21-7585-18c6-7153ef3c8b50@cs.tcd.ie>
Date: Wed, 16 Nov 2016 02:03:27 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <HE1PR0802MB2475780DD8B4516827AF0BF9FABE0@HE1PR0802MB2475.eurprd08.prod.outlook.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms090901050506040307070405"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ZuhKc35lYi2z0losClj0Ufp2wRY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] extending the un-authenticated DTLS header
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 02:03:34 -0000


On 16/11/16 01:59, Hannes Tschofenig wrote:
> Ø  I'd be interested in an analysis of the potential privacy
> impacts of this. Isn't this more or less the same as doing
> SPUD-for-DTLS? (If not, sorry for dragging in controversy:-)
> 
> I don’t know SPUD but I see this work providing the same functionality as the Security Parameter Index (SPI) in the IPsec ESP RFC.
> So far, I have not heard terrible concerns about the privacy properties of IPsec ESP.
> 

Yes, to be fair - having had a quick look at the draft it
does not seem to have the problems that SPUD/PLUS could have
had.

Cheers,
S.

> Ciao
> Hannes
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>

v2.23.0 | Report a Bug | By Email