Re: [TLS] comment on draft-kinnear-tls-client-net-address

"Martin Thomson" <mt@lowentropy.net> Wed, 27 March 2019 13:51 UTC

Message-Id: <22d6eb96-4cff-4d0c-a6ee-630db2478383@www.fastmail.com>
In-Reply-To: <1926037.HuMTMFzkit@pintsize.usersys.redhat.com>
References: <1635428.JdYyXqVr20@pintsize.usersys.redhat.com> <2062204.Nc9QnJUuNR@pintsize.usersys.redhat.com> <80242775-4f36-4421-8756-5edd179e868e@www.fastmail.com> <1926037.HuMTMFzkit@pintsize.usersys.redhat.com>
Date: Wed, 27 Mar 2019 09:51:43 -0400
From: Martin Thomson <mt@lowentropy.net>
To: Hubert Kario <hkario@redhat.com>, tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_yQgAGQFipAeke_rIRQyoiF1mis>

On Tue, Mar 26, 2019, at 14:30, Hubert Kario wrote:
> On Tuesday, 26 March 2019 09:07:51 CET Martin Thomson wrote:
> > We don't trust that the key share or certificate is good either, but once we
> > have a Finished message, that is retroactively authenticated and can be
> > used.  We rely on this property for a bunch of things.
> 
> yes, but those things are part of the protocol, not destined for the application
> (or even if they are, they are actionable only after the handshake has finished)

Yep, but that's something that QUIC relies on already.  As does ALPN.  And it is likely that there are other things that I can't think of in my current frazzled state.
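The property Martin is relying on, as an added example that is not part of this thread: a simplified TLS 1.3 Finished computation (HKDF-Expand-Label and HMAC over the transcript hash, per RFC 8446) run over a constructed handshake whose ClientHello carries a hypothetical client-address extension. The handshake traffic secret and the message encodings are constructed stand-ins rather than real TLS serialization, and the secret is held fixed so that only the transcript MAC is exercised.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256          # cipher-suite hash assumed for this example
HASH_LEN = HASH().digest_size

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label from RFC 8446 section 7.1, with HMAC-based HKDF-Expand inline."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def finished_verify_data(base_key, transcript):
    """verify_data = HMAC(finished_key, Transcript-Hash(messages)), RFC 8446 section 4.4.4."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    transcript_hash = HASH(b"".join(transcript)).digest()
    return hmac.new(finished_key, transcript_hash, HASH).digest()

def peer_finished_matches(base_key, sender_transcript, receiver_transcript):
    """Receiver recomputes verify_data over its own view of the transcript and compares it
    with what the sender computed over the messages the sender actually saw."""
    received = finished_verify_data(base_key, sender_transcript)
    expected = finished_verify_data(base_key, receiver_transcript)
    return hmac.compare_digest(received, expected)

# Constructed sample data: a fixed stand-in for the handshake traffic secret, stand-in
# handshake messages, and a hypothetical "net-address" extension carrying an address of
# the kind the draft puts in the ClientHello (192.0.2.0/24 is a documentation prefix).
BASE_KEY = hashlib.sha256(b"constructed handshake traffic secret").digest()
CLIENT_HELLO = b"ClientHello|ext:net-address=192.0.2.1"                # as the client sent it
TAMPERED_CLIENT_HELLO = b"ClientHello|ext:net-address=198.51.100.7"    # rewritten on path
SERVER_MESSAGES = [b"ServerHello", b"EncryptedExtensions", b"Certificate", b"CertificateVerify"]

def untampered_case():
    # Both sides saw the same ClientHello: the extension is authenticated once Finished checks.
    return peer_finished_matches(BASE_KEY, [CLIENT_HELLO] + SERVER_MESSAGES,
                                 [CLIENT_HELLO] + SERVER_MESSAGES)

def tampered_case():
    # The client MACs its real ClientHello; the server saw the rewritten one, so Finished fails
    # and the server learns the address extension it acted on was not what the client sent.
    return peer_finished_matches(BASE_KEY, [CLIENT_HELLO] + SERVER_MESSAGES,
                                 [TAMPERED_CLIENT_HELLO] + SERVER_MESSAGES)
```

This is why the address value is unusable when the ClientHello arrives but becomes trustworthy, retroactively, at the point Finished verifies, which is also the point at which ALPN and QUIC transport parameters become usable.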