Re: [TLS] A la carte handshake negotiation
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Mon, 15 June 2015 13:28 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E35B61B3616 for <tls@ietfa.amsl.com>; Mon, 15 Jun 2015 06:28:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qv0XAy4TXkMX for <tls@ietfa.amsl.com>; Mon, 15 Jun 2015 06:28:00 -0700 (PDT)
Received: from emh04.mail.saunalahti.fi (emh04.mail.saunalahti.fi [62.142.5.110]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A5961B2D38 for <tls@ietf.org>; Mon, 15 Jun 2015 06:23:56 -0700 (PDT)
Received: from LK-Perkele-VII (a91-155-194-207.elisa-laajakaista.fi [91.155.194.207]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id 453D81A26B7; Mon, 15 Jun 2015 16:23:53 +0300 (EEST)
Date: Mon, 15 Jun 2015 16:23:53 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Hubert Kario <hkario@redhat.com>
Message-ID: <20150615132353.GA27040@LK-Perkele-VII>
References: <201506122145.13790.davemgarrett@gmail.com> <3129639.pNdByueU9m@pintsize.usersys.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <3129639.pNdByueU9m@pintsize.usersys.redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/cZaeAMiEt23JAayGDyAq_zmsh0k>
Cc: tls@ietf.org
Subject: Re: [TLS] A la carte handshake negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2015 13:28:07 -0000
On Mon, Jun 15, 2015 at 12:10:39PM +0200, Hubert Kario wrote: > On Friday 12 June 2015 21:45:13 Dave Garrett wrote: > > > > New draft text: > > https://github.com/davegarrett/tls13-spec/blob/alacarte/draft-ietf-tls-tls13 > > .md#cipher-suites Diff with master: > > https://github.com/tlswg/tls13-spec/compare/master...davegarrett:alacarte > > How will the client know which parser it should use to deserialize the Server > Key Exchange? > > Especially when we're close to having DHE, ECDHE, DHE+PSK (and DHE+PSK+RSA?), > ECDHE+PSK (and ECDHE+PSK+ECDSA, ECDHE+PSK+ECDSA?), ADH and AECDH in a single > ciphersuite... > > Especially with the case of overloading the ECDHE to handle the ECDH_anon, it > makes it possible that many implementations will reintroduce state machine > bugs... Well, the server key exchange message is presumably the same for all GDHE key exchanges, so one parser could parse those all (and pure-PSK would be separate, which doesn't even have server key exchange). However, if we were serious about eliminating state machine bugs (and TLS 1.3 state machine is totally different from TLS 1.2), we would eliminate all optional messages (different from context-sensitive messages, like Server key exchange message), and then eliminate handshake message types (except for those which have to have type numbers for backward compatiblity). That way, any state machine bugs just cause handshake failures, not security failures. Regarding the PSK integration work EKR has been doing in the WIP branch: 1) Doesn't support identity hints. Now, these might be something nobody uses and can be deprecated. 2) GDHE_PSK ciphers can't seemingly be safely resumed: Because resumption is PSK, it eats the PSK slot, not leaving space for the primary identity. -Ilari
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Aaron Zauner
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Aaron Zauner
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- [TLS] ECDH_anon I-D (was: A la carte handshake ne… Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Salz, Rich
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Salz, Rich
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Viktor Dukhovni
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Hubert Kario
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Daniel Kahn Gillmor
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation David Benjamin
- Re: [TLS] A la carte handshake negotiation Daniel Kahn Gillmor
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Peter Gutmann
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Nico Williams
- Re: [TLS] A la carte handshake negotiation Manuel Pegourie-Gonnard
- Re: [TLS] A la carte handshake negotiation Eric Rescorla
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Dave Garrett
- Re: [TLS] A la carte handshake negotiation Kyle Rose
- Re: [TLS] A la carte handshake negotiation Martin Thomson
- Re: [TLS] A la carte handshake negotiation Ilari Liusvaara
- Re: [TLS] A la carte handshake negotiation Peter Gutmann
- Re: [TLS] A la carte handshake negotiation Kyle Rose
- Re: [TLS] A la carte handshake negotiation Peter Gutmann