Re: [TLS] Unifying tickets and sessions
Richard Fussenegger <richard@fussenegger.info> Wed, 22 October 2014 18:42 UTC
Return-Path: <richard@fussenegger.info>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD5481ACFA1 for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 11:42:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NqFHrOQJSnp1 for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 11:42:41 -0700 (PDT)
Received: from mx205.easyname.com (mx205.easyname.com [212.232.28.126]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 857F01ACFC2 for <tls@ietf.org>; Wed, 22 Oct 2014 11:42:41 -0700 (PDT)
Received: from 89-26-76-175.goll.dyn.salzburg-online.at ([89.26.76.175] helo=[192.168.0.11]) by mx.easyname.eu with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <richard@fussenegger.info>) id 1Xh0rl-00044l-25; Wed, 22 Oct 2014 20:42:39 +0200
Message-ID: <5447FA87.40007@fussenegger.info>
Date: Wed, 22 Oct 2014 20:42:15 +0200
From: Richard Fussenegger <richard@fussenegger.info>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Ryan Carboni <ryacko@gmail.com>, "tls@ietf.org" <tls@ietf.org>
References: <CAO7N=i38zutXpmuMKuv1CHrc3hO-zm6U+nsGgE6NF4YmC54tDQ@mail.gmail.com>
In-Reply-To: <CAO7N=i38zutXpmuMKuv1CHrc3hO-zm6U+nsGgE6NF4YmC54tDQ@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms070004000802040608090805"
X-ACL-Warn: X-DNSBL-v4bl
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/bqQtPLTsLF79yz_SzAc6v8ngyQU
Subject: Re: [TLS] Unifying tickets and sessions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 18:42:45 -0000
I noticed that you all try to dictate your believes of security to others, which is actually very interesting to read so please don't stop (there's **really** no sarcasm in this sentence, but maybe you should rename the thread then because this discussion is otherwise not going anywhere). But you just mentioned a *very* important thing: 128-bit are sufficient today for generic web applications. Do we want a fully encrypted web? **Yes!** When do we want it? **Now!** The essence of my previous message (partly quoted below) was, that it is important to ensure within the RFC that a ticket that is storing the state of a SUPER-CRYPTO-9999 cipher isn't going to be encrypted with a GENERIC-CIPHER-128 key. This would simply downgrade the security of the whole agreed upon cipher. But on the other hand if an administrator decided that his web service is only delivering cat photos and that GENERIC-CRYPTO-128 is sufficient in terms of computing power for his server and for his clients, than it doesn't make sense to encrypt the ticket with SUPER-CRYPTO-9999. Of course if the same administrator decided to support both, GENERIC-CRYPTO-128 and SUPER-CRYPTO-9999, then he'll require the SUPER-CRYPTO-9999 for all tickets. Viktor Dukhovni already mentioned that OpenSSL is actually supporting different key strengths, but for instance nginx isn't exposing this setting to administrators. But the RFC would most certainly compel them to do so in the future, which is a good thing. After all, the cat-photo-admin may continue to use fast and insecure ciphers (but still protecting clients and his services from script kiddies) and the nice whistleblower from our neighborhood may use the best available cipher available. Rich Salz said that the RFC should stay silent on which crypto to use and I agree for above reasons and everything you guys brought up. Stating that crypto-X is sufficiently secure is like saying that god is for real; maybe it is true but science and research will eventually prove the opposite in the future. I stated that (the former not the latter, I'd never say such a thing) and made a mistake by doing so. But I hope that this message clarifies my intentions and also that some of you have an opinion about the actual proposal of mine. Regards Richard On 10/22/2014 6:44 PM, Ryan Carboni wrote: > > From: "Richard Fussenegger, BSc" > > [*] Better would be 'from all ciphers in use' otherwise one ends > up with > a (insert ridiculous high value here) bit key while only using 128 bit > ciphers in the configuration. Dropping the key if a new stronger > configuration is loaded seems like a good idea to me at this > point. I'm > looking at this from a performance perspective and glimpsing over > to the > fact that the cryptography community agrees that 128 bit security will > be enough for the next 10 to 20 years.[2] I really can't tell if this > would be problematic from an implementation point of view. I think > that > single hosts won't have a problem here and I guess that it wouldn't be > for clusters as well. The cluster configuration should be in sync > but it > could become a problem if one node has a differing configuration (for > whatever reason). What opinion/insights do you have on this? > > > Quantum computers are reaching 512-qubits now. > http://www.bbc.com/news/science-environment-27632140 > > Quantum cryptography would result in key-sizes effectively being > halved, and in 15 to 40 years a quantum computer could potentially be > built by a nationstate to enhance known cryptographic attacks and > reduce keyspaces substantially. > > It's unlikely though that the NSA will devote quantum computing to > breaking the encryption of cat videos. > > I suggest an advisory that for unauthenticated encryption, 128-bits > are used, and for authenticated encryption 256-bits or more are used. > The only issue is that browsers tell you the whole page is encrypted > the same way even though elements of the page use different sorts of > encryption than the body of the page. > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Douglas Stebila
- Re: [TLS] Unifying tickets and sessions Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Stephen Checkoway
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Joseph Salowey
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions David Leon Gil