[TLS] Updated TLS-LTS draft posted

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 26 June 2016 13:13 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 2D9D212B04D for <tls@ietfa.amsl.com>; Sun, 26 Jun 2016 06:13:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.626
X-Spam-Status: No, score=-5.626 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id JVELHa2ujXOU for <tls@ietfa.amsl.com>; Sun, 26 Jun 2016 06:13:04 -0700 (PDT)
Received: from mx4.auckland.ac.nz (mx4.auckland.ac.nz []) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1519112B017 for <tls@ietf.org>; Sun, 26 Jun 2016 06:13:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1466946784; x=1498482784; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=yNpg1e8C5WGLJjSZ4Xr02mwALROGT3Fz55txh/dq17w=; b=Xy8O8AA3PbAXJS7nBjvHab2YwFhFDe2vxHj2XzW0Sjkl+PwqJmMfQ7X5 zL4jtdrBsHyi9891p9IlCkrcXmWHJAIzEbx6aP5e6tbPX83nWnA3Kpm3J BocrZKYGrgAjxLhBDYRukODogBmroHxKYdfyrEkaQew1H4gLOM21vOOnm uL3BPbbCA8rE6XNBx2kgyfOrC0HIheGPSkHJpSiPUSzwVpwgXgja6g3hg Qc77oWv+L+yEJ/uSUgEhE3V8OOWs2w5F4lvEYZTLntjuP97ZpOi712HP7 fc9NumqHz3hDQMWUUeHBlxRFqsxw+bxVJeSQnNFCfcTdheTCQnTxvnmjA g==;
X-IronPort-AV: E=Sophos;i="5.26,531,1459771200"; d="scan'208";a="93307613"
X-Ironport-Source: - Outgoing - Outgoing
Received: from uxchange10-fe3.uoa.auckland.ac.nz ([]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 27 Jun 2016 01:13:02 +1200
Received: from UXCN10-5.UoA.auckland.ac.nz ([]) by uxchange10-fe3.UoA.auckland.ac.nz ([]) with mapi id 14.03.0266.001; Mon, 27 Jun 2016 01:13:02 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Updated TLS-LTS draft posted
Thread-Index: AdHPrHdP1mw8CLpOTwyvXTkqp2Q3gg==
Date: Sun, 26 Jun 2016 13:13:01 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4CB077A@uxcn10-5.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aw9BOS4HJ9uum0snEZqSuKA4BYw>
Subject: [TLS] Updated TLS-LTS draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jun 2016 13:13:08 -0000

I've just posted the latest draft, as per Russ' comments and Hubert Kario's
suggestion this removes any mention of the term "profile" from the text, it's
now called an update.  It also clarifies some issues that were encountered
during testing, for example what happens during a rehandshake and how
signalling of LTS vs. extended master secret and encrypt-then-MAC are handled.

There's also an open question as to what should happen when a suite with e.g.
SHA-512 is negotiated.  The LTS mandatory suites all use SHA-256, but it's
possible to negotiate a suite with SHA-512 while still using LTS.  Presumably
this means the hash size will change to 64 bytes rather than 32.

Finally, there's now a LTS test server available for interop testing,
temporarily using the next free extension value 26 until a value is
permanently assigned for LTS use, see the draft for details.