Re: [TLS] Channel ID and server load: comment on draft-balfanz-tls-channelid-00

Adam Langley <> Fri, 25 October 2013 15:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 50B2011E8341 for <>; Fri, 25 Oct 2013 08:00:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MTM7pc6jTWsH for <>; Fri, 25 Oct 2013 08:00:45 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400c:c02::22e]) by (Postfix) with ESMTP id B603711E81C9 for <>; Fri, 25 Oct 2013 08:00:40 -0700 (PDT)
Received: by with SMTP id 10so2555186vbe.33 for <>; Fri, 25 Oct 2013 08:00:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=8q9vyLdH7Lt0eFINKssbZLMOAon674CWAyJKmVLohAA=; b=hgwdOW1Eo4EdZ7gWsV3rCsugQErBCl4j5gLlvCoYutHbuA/m668rTYxlotQt+LcbNE aJf8VoqxUMKp6w5EW8jYFyUJ/ltTV1XGBuyFEfQLyv1vZlY2RnrgvNnggjzxBZGTO/FN 6YZPEgVh2RG1dsfG9Jo/TAbyzItr9Oq3b/EQ6BIQN8XKlygNRgs6vDNR3203JZZjTioo Sqwf0MhklsFjCuqmEqPy9G9e+S1vbUiN9ee051/M4lJQn8D0qPAc/5EburxSqg251QwO Ttq1rDnEGH05YFmYJF/OkiqFhAvch80/WcPMLaUqYUWSfSQs8Txz1idXnVO/s4k6qo8I Il2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=8q9vyLdH7Lt0eFINKssbZLMOAon674CWAyJKmVLohAA=; b=cqLx0L6gkW7HSnMsbRERs80YLjmaSp0TkhcpRfHEH85mqDPnT9HF34jXs0S1gLIx4t E6SilXaQkJqeleRX9FE+6mVHkXuLR6+yJ/TypWjc0QpnDT16m44VtDyT1KTVS4itLxKZ GWaKr9jLp6z+yp7uRQevlxTp2C9r7lBaHlzO8Yo+su36H+QXI9Mkpr3oUVzeF76FdVHm D+SmSivfqXn4xHqT1BZzYKEEjjDD/4f8p7NXKrEopJUd7AJMviYdgj5LkBK77AvLJ4OP NpJz8nGH8Kf4jraDItNNUFmn1TyJz/q4t8VXZF9BndOuV82EC9xU3plpjgJVKBJ3XYoh yv6Q==
X-Gm-Message-State: ALoCoQmVKp11BpivVD1BdqTkUufngM5EtvU6KO2Cl2+0NIq1H60v9N4aFNuQiS/yyL1vGEcYyGtXegw7dV7akpngycy+TC63gr6GUbvj9OU4A2EDpbbaQih1AZK7x+y52IUTbmwXw8qGmQ24mOxDsq46LKr3Pf+RfJ3ZJtMeS+UFSxv7w+kLmGCxj9VW3UGoTMxH38YNv8ju
X-Received: by with SMTP id lq4mr591656vcb.31.1382713205042; Fri, 25 Oct 2013 08:00:05 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Fri, 25 Oct 2013 07:59:44 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <>
From: Adam Langley <>
Date: Fri, 25 Oct 2013 10:59:44 -0400
Message-ID: <>
To: Watson Ladd <>
Content-Type: text/plain; charset=UTF-8
Cc: "" <>
Subject: Re: [TLS] Channel ID and server load: comment on draft-balfanz-tls-channelid-00
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Oct 2013 15:00:46 -0000

On Thu, Oct 24, 2013 at 3:52 PM, Watson Ladd <> wrote:
> Nope: the attacker could provide their own ChannelID and force the
> user to reauthenticate,
> thus causing their secret key to be trusted.
> They could disable ChannelID entirely and force fallback to cookies,
> which they then steal.

Likewise, someone could undermine the confidentiality of TLS by
failing to set the secure flag on a cookie.

Just because you could design a system that uses ChannelID and has
these drawbacks isn't terribly meaningful.

> Online attack cleans
> out a bank account just as quickly as offline.

That is rarely true in my experience. Rate limiting of transfers seems
to be common practice.

> Steal a resumption ticket and you have the same attacker issue for $n minutes.

Session resumption tickets do not carry the authority of the
ChannelID. The (hypothetical) reauthorisation idea prevented an
attacker from taking over a connection, perhaps because the computer
continues to run even though the user has stepped away.