Re: [TLS] TLS 1.2 Long-term Support Profile draft posted
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 16 March 2016 18:22 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 281E812DA6F
for <tls@ietfa.amsl.com>; Wed, 16 Mar 2016 11:22:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01,
RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id X4w6fMMxwbxP for <tls@ietfa.amsl.com>;
Wed, 16 Mar 2016 11:22:41 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com
(mail-he1eur01on0055.outbound.protection.outlook.com [104.47.0.55])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 837D812D748
for <tls@ietf.org>; Wed, 16 Mar 2016 11:22:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com;
s=selector1-rhul-ac-uk;
h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=LXIufl+rlFpUOCG3lYOnDgHqY842xskgabzh8eJr4ms=;
b=C9TwKHsrOFT8MA0M6BL/xV+XLvFsP82oNoNqWm8DMh+rigspnwnE/m+ztgIEIWi33htnIt3jXEpzEp+rF3a4/6reduZnvPIFss8ZtIlb+GW/J4upCk+VcV0LghkKXnKiuCiN9J3T8phN2CO/7s/Zs+1jDh9gKSua1vVtwmodAHQ=
Received: from DB5PR03MB1813.eurprd03.prod.outlook.com (10.166.171.146) by
DB5PR03MB1815.eurprd03.prod.outlook.com (10.166.171.148) with Microsoft SMTP
Server (TLS) id 15.1.434.16; Wed, 16 Mar 2016 18:22:37 +0000
Received: from DB5PR03MB1813.eurprd03.prod.outlook.com ([10.166.171.146]) by
DB5PR03MB1813.eurprd03.prod.outlook.com ([10.166.171.146]) with mapi id
15.01.0434.019; Wed, 16 Mar 2016 18:22:37 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Watson Ladd <watsonbladd@gmail.com>, Peter Gutmann
<pgut001@cs.auckland.ac.nz>
Thread-Topic: [TLS] TLS 1.2 Long-term Support Profile draft posted
Thread-Index: AdF/gGiJXC2ZI/lER3iVToFYg5p2egAFHsAAAAb9CQA=
Date: Wed, 16 Mar 2016 18:22:37 +0000
Message-ID: <D30F5342.66E5C%kenny.paterson@rhul.ac.uk>
References: <9A043F3CF02CD34C8E74AC1594475C73F4C2374E@uxcn10-tdc05.UoA.auckland.ac.nz>
<CACsn0cks1tvdcYkVRj9r3TZe1GEcNA5f2x14PQntk3j1Ws+rPg@mail.gmail.com>
In-Reply-To: <CACsn0cks1tvdcYkVRj9r3TZe1GEcNA5f2x14PQntk3j1Ws+rPg@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.1.160122
authentication-results: gmail.com; dkim=none (message not signed)
header.d=none;gmail.com; dmarc=none action=none header.from=rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [92.3.218.210]
x-ms-office365-filtering-correlation-id: 0b0b4331-fc9d-42a6-f1e3-08d34dc7f429
x-microsoft-exchange-diagnostics: 1; DB5PR03MB1815;
5:WvhAQeuop417IT4kxMlvKKyznWiyBi7zfwew0eyQe54ECyGu2WySZW0Hv9fljY6vYzUUNqzCofs5Ngb+BR2IyGTJk36aK1UyFkZGD1Urs2gyHudSW4obvGa1NQ61jP5XTKE/0MvC3L8axSfEpY0kTw==;
24:O7b/oeoWqN3iJuGL3CJEFj2Kc2A52Xz7yyUok8gevaFOsEt6tBZqF2rSTyvgdQcPbVcV/usT2up+9p1HqwWhzGoO63ojpbB1985P6YcG5so=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR03MB1815;
x-microsoft-antispam-prvs: <DB5PR03MB1815C8B858F5BE8824C3E042BC8A0@DB5PR03MB1815.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046);
SRVR:DB5PR03MB1815; BCL:0; PCL:0; RULEID:; SRVR:DB5PR03MB1815;
x-forefront-prvs: 08831F51DC
x-forefront-antispam-report: SFV:NSPM;
SFS:(10009020)(6009001)(377454003)(479174004)(24454002)(4001350100001)(54356999)(5001770100001)(19580405001)(19580395003)(92566002)(74482002)(5004730100002)(87936001)(83506001)(4326007)(3280700002)(1220700001)(1096002)(2906002)(86362001)(586003)(66066001)(6116002)(76176999)(102836003)(3660700001)(36756003)(15975445007)(77096005)(81166005)(5002640100001)(11100500001)(2950100001)(2900100001)(5008740100001)(189998001)(50986999)(10400500002)(122556002)(1720100001)(3846002);
DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR03MB1815;
H:DB5PR03MB1813.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="utf-8"
Content-ID: <45BAB328C17B1F4190EF83CC00216236@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Mar 2016 18:22:37.9123 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR03MB1815
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/_jYO2WEPhIFWtT5dnKqFjRwwH1E>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.2 Long-term Support Profile draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working
group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>,
<mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>,
<mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2016 18:22:43 -0000
Hi On 16/03/2016 15:02, "TLS on behalf of Watson Ladd" <tls-bounces@ietf.org on behalf of watsonbladd@gmail.com> wrote: >On Wed, Mar 16, 2016 at 5:36 AM, Peter Gutmann ><pgut001@cs.auckland.ac.nz> wrote: >> After a number of, uh, gentle reminders from people who have been >>waiting for >> this, I've finally got around to posting the TLS-LTS draft I mentioned >>a while >> back. It's now available as: >> >> http://www.ietf.org/id/draft-gutmann-tls-lts-00.txt >> >> Abstract: >> >> This document specifies a profile of TLS 1.2 for long-term support, >> one that represents what's already deployed for TLS 1.2 but with the >> security holes and bugs fixed. This represents a stable, known-good >> profile that can be deployed now to systems that can't can't roll out >> patches every month or two when the next attack on TLS is published. >> >> Several people have already commented on it off-list while it was being >> written, it's now open for general comments... > >Several comments: <snip> >The analysis of TLS 1.3 is just wrong. TLS 1.3 has been far more >extensively analyzed then TLS 1.2. It's almost like you don't believe >cryptography exists: that is a body of knowledge that can demonstrate >that protocols are secure, and which has been applied to the draft. This is patently untrue. There is a vast body of research analysing TLS 1.2 and earlier. A good survey article is here: https://eprint.iacr.org/2013/049 (but even this is quite out of date in several respects). The literature for TLS 1.3 is growing, but is an order of magnitude smaller in size. It is pretty much represented in its entirety by the list of presentations at the recent TRON workshop: http://www.internetsociety.org/events/ndss-symposium-2016/tls-13-ready-or-n ot-tron-workshop-programme As far as I know, the only complete analysis so far is this one: http://tls13tamarin.github.io/TLS13Tamarin/ (full disclosure: two of my PhD students are involved). However, even there, the analysis is symbolic and does not include 0-RTT (IIRC). Maybe you'd care to revise your bold statement above? Cheers Kenny
- [TLS] TLS 1.2 Long-term Support Profile draft p... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Watson Ladd
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Wan-Teh Chang
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Paterson, Kenny
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Watson Ladd
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Paterson, Kenny
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Sven Schäge
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Ilari Liusvaara
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Karthikeyan Bhargavan
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Karthikeyan Bhargavan
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Eric Rescorla
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... D. J. Bernstein
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Joachim Strömbergson
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Salz, Rich
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Yoav Nir
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Tony Arcieri
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Tony Arcieri
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Joachim Strömbergson
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Hubert Kario
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile dra... Henrick Hellström
- [TLS] TLS 1.2 Long-term Support Profile vs HTTP... Nikos Mavrogiannopoulos
- Re: [TLS] TLS 1.2 Long-term Support Profile vs ... Dave Garrett
- Re: [TLS] TLS 1.2 Long-term Support Profile vs ... Peter Gutmann
- Re: [TLS] TLS 1.2 Long-term Support Profile vs ... Martin Thomson
- Re: [TLS] TLS 1.2 Long-term Support Profile vs ... Yoav Nir