IETF Logo Mail Archive

Re: [TLS] OPTLS: Signature-less TLS 1.3

Watson Ladd <watsonbladd@gmail.com> Mon, 10 November 2014 23:46 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 839031AD0A8 for <tls@ietfa.amsl.com>; Mon, 10 Nov 2014 15:46:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8dP8t9luN70I for <tls@ietfa.amsl.com>; Mon, 10 Nov 2014 15:46:00 -0800 (PST)
Received: from mail-yh0-x230.google.com (mail-yh0-x230.google.com [IPv6:2607:f8b0:4002:c01::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7DCD1AD0A7 for <tls@ietf.org>; Mon, 10 Nov 2014 15:45:59 -0800 (PST)
Received: by mail-yh0-f48.google.com with SMTP id v1so1848985yhn.35 for <tls@ietf.org>; Mon, 10 Nov 2014 15:45:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pLzrxvBkGH7Rer5JczUlFV1AdZZXPFnFOoOOGHaVHJ4=; b=0TvGG7HM8issO3hBXxpMdhonS/HN8491uVZ3JsN+lkMqdrap6sAgIzIG1Bo8+IC0c0 43nU4wisO6Y0xjIm1IOF6IkZtFSj/ItzNO1xbYuvqsVnuEDj0/Ip7XUrj++0p8Wx3Uob GavXiwN2gjMpwhufLfLjdT9dY0G0mIlnGlsWGDEG8oHHO2qXBN/zmj0fCuF1PuxErebo wA4IrNZHuULu6XBZ8XlMOch6Heyz+ozrO+Td+IAX26yalTkmhjn5tH+QtakoblVk8EAj 4uXv3xW6Fk3PLTfxKwENgY/QKM9YKbVDxi8VswmtwOILRHBmtY62Uf5M2dSbnJ0suJRL rGuA==
MIME-Version: 1.0
X-Received: by 10.236.30.197 with SMTP id k45mr34216464yha.163.1415663159201; Mon, 10 Nov 2014 15:45:59 -0800 (PST)
Received: by 10.170.195.203 with HTTP; Mon, 10 Nov 2014 15:45:58 -0800 (PST)
Received: by 10.170.195.203 with HTTP; Mon, 10 Nov 2014 15:45:58 -0800 (PST)
In-Reply-To: <CABkgnnXWAZ78ir-62cnsZM080GAFzScNSv52SKGAc6ZRYM+++w@mail.gmail.com>
References: <CADi0yUObKsTvF6bP=SxAwYA05odyWdzR1-sWutrDLUeu+VJ1KQ@mail.gmail.com> <CABcZeBNQBC1XXFR5sGo=V8WmxmL5thaBpeHSasy3SordbqNRTQ@mail.gmail.com> <CADi0yUMM6C=NpvFsc67J6Dc6uEO3OZ490tFWhAYmD362mC+D4A@mail.gmail.com> <CABcZeBNKpTMg+xhMK5TnO_W99MotoPw+_m9yrTqTUSwqyPpUPA@mail.gmail.com> <CACsn0cnkRZ5ZzX0bHfVFsvsrNoJxU2Txs0O2YW386fsg9GF1vQ@mail.gmail.com> <CABcZeBMQc5Mb_FK3davMxi0oBgzawqCMaYp1DqGYgg3nEHYHHw@mail.gmail.com> <CADi0yUOZ8LqsJbTTZmYL6XgrTjWvTMqvFMd7euzv+xQPU9vPJg@mail.gmail.com> <CABcZeBM+CcG8Tr_+XZ6nkw4xJP8DGFXguvRvLGhTUXYdhEOUqA@mail.gmail.com> <87r3xdfzi1.fsf@alice.fifthhorseman.net> <CABkgnnWqppL-1VJORYfrwuKn8n=NO-rZX6LDTiq+-qxddsp1mg@mail.gmail.com> <87r3xawv8a.fsf@alice.fifthhorseman.net> <CABkgnnXWAZ78ir-62cnsZM080GAFzScNSv52SKGAc6ZRYM+++w@mail.gmail.com>
Date: Mon, 10 Nov 2014 15:45:58 -0800
Message-ID: <CACsn0c=nh1yDUcYGYSMBhUs0OnJJJeOh5CRT3qyz8ZEVQsdokA@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="089e01634d34b9d5ac050789c336"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/cDwmFaTxviBSHdUBLEEN8DIzOoo
Cc: tls@ietf.org
Subject: Re: [TLS] OPTLS: Signature-less TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 23:46:05 -0000

On Nov 10, 2014 3:30 PM, "Martin Thomson" <martin.thomson@gmail.com> wrote:
>
> On 10 November 2014 14:23, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
wrote:
> > i agree that X.509 is a disaster here, but i think making up a new
> > delegation protocol won't necessarily be a non-disaster -- we could
> > instead just rehash some of the sharp bits of the X.509 mess
> > (revocation, duration, transparency, identity, etc) in a different
> > format if we're not clear about what we're doing :/
>
> Prior to the discussion yesterday, I was really warming to this idea.
> After it, particularly the discussion around the creation of a
> delegation point, I think that I've been convinced that we shouldn't
> do this.

Every 0-RTT solution involves a similar delegation, as the client is using
data sent from the server in the prevoius interaction or OOB to encrypt the
early data.

What exactly was the problem mentioned at the meeting?

>
> Aside fro the delegation advantage, the real benefits of this are
> largely seen in the short term for RSA certificates.  Moving to ECDSA
> obviates one of the big performance advantages, and the concerns
> around getting delegation right make me now against pursuing this.
>
> I don't think that this is categorically bad, or that we should not do
> this ever, but it's a big change and one that is much harder to get
> right than I originally thought.

So what is the alternative exactly? Is it hacking 0-RTT and 1-RTT modes
onto TLS 1.2 and hoping miTLS fixes the mistakes?

ECDSA only obviates the performance advantage for genus 1. For genus 2 is a
different story. Furthermore,  eliminating online certificates enables
isolation of certs without a performance penalty.

>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.31.3 | Report a Bug | By Email | System Status