Re: [TLS] I-D Action: draft-ietf-tls-session-hash-02.txt

Alfredo Pironti <alfredo@pironti.eu> Mon, 06 October 2014 13:27 UTC

Return-Path: <alfredo@pironti.eu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 937961A6F57 for <tls@ietfa.amsl.com>; Mon, 6 Oct 2014 06:27:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.377
X-Spam-Level:
X-Spam-Status: No, score=-1.377 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjQNr-ns5xw2 for <tls@ietfa.amsl.com>; Mon, 6 Oct 2014 06:27:36 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F0561A6F42 for <tls@ietf.org>; Mon, 6 Oct 2014 06:27:19 -0700 (PDT)
Received: by mail-oi0-f48.google.com with SMTP id g201so3540249oib.21 for <tls@ietf.org>; Mon, 06 Oct 2014 06:27:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pironti.eu; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Wx8IgQgKSGBj4otaciMQSz9uD5ydp3PbvkBUGCUnw1o=; b=dPbkj01vz2I5hNH3v/F+UAMWbabRYi1ymWo15gd2RlyT9ueJQIbaRnHr/9Cat9guMi gzdfsBgZGe3ZhYWJCpeEJdAgP5CU7RD0MyvA6pcMJ7CPzzbtgicSGQAQk8/NxqsHnRyG zbxpWNBM6+746dM9mBaI9j6YK/NPw9Fk3oOQ8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=Wx8IgQgKSGBj4otaciMQSz9uD5ydp3PbvkBUGCUnw1o=; b=BXljEiAssFbvc6N5ECFK4f2n4YuUtyJGr2h1J6Ua3kfmzHrxeMdfulWHgpBor4N+TG cC4jp9qEXjymEKfHJb6g+3erldjRJzzBxTISNofhDwAMKCE72mdBO16dnR3wFoq1Tjed T77RhcBAhvR7pkggEnJhQ8DuOfk66jXU4XXhurk3jQA/9aQ/szcAPlZ9iMMLwZeMSd00 T7W2VuJsDSqN35GXJc0T6a14bNQpRcw6kHAn5UN0ku0owzxlx1tf740FCfwtmwz6U10V W1gBKJddIanWD3xa0hLsFQ8+D1816P3/nQSzhK8FI/SrrufIszDIwAM2SQjzS8VnhlQU c1nw==
X-Gm-Message-State: ALoCoQnCcrjmkeqX7BP0eIkbhjnh0XpsFO6sYD8Ftb73BKSS4tPaelDNwRKbsuIPYGQAd263yFy/
MIME-Version: 1.0
X-Received: by 10.60.177.231 with SMTP id ct7mr27313735oec.8.1412602038425; Mon, 06 Oct 2014 06:27:18 -0700 (PDT)
Received: by 10.76.90.168 with HTTP; Mon, 6 Oct 2014 06:27:18 -0700 (PDT)
X-Originating-IP: [2001:660:3013:3:4ded:8ffd:6cca:1578]
In-Reply-To: <20141006131625.5451.13842.idtracker@ietfa.amsl.com>
References: <20141006131625.5451.13842.idtracker@ietfa.amsl.com>
Date: Mon, 06 Oct 2014 15:27:18 +0200
Message-ID: <CALR0uiK6unvNMGGFjKEqtgHTcUX8xukA-Q2ez+7b=2FgJN7jOw@mail.gmail.com>
From: Alfredo Pironti <alfredo@pironti.eu>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e01182fc4b5b2c50504c10a73"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/cthyTwPiW9BLtkPc_psqYKvJ85Y
Subject: Re: [TLS] I-D Action: draft-ietf-tls-session-hash-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 13:27:40 -0000

Dear list,

I've updated the extended master secret draft according to your feedback.
In particular, I've clarified
- computation of the extended master secret for the TLS and SSL 3.0
protocols
- differences between the extended master secret computation and the
original one
The draft now uses 23 as the IANA assigned extension number.

We've set up a test server, available at mitls.org:2443. The running
implementation is miTLS, with experimental support for the extended master
secret extension.

Best,
Alfredo

On Mon, Oct 6, 2014 at 3:16 PM, <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>  This draft is a work item of the Transport Layer Security Working Group
> of the IETF.
>
>         Title           : Transport Layer Security (TLS) Session Hash and
> Extended Master Secret Extension
>         Authors         : Karthikeyan Bhargavan
>                           Antoine Delignat-Lavaud
>                           Alfredo Pironti
>                           Adam Langley
>                           Marsh Ray
>         Filename        : draft-ietf-tls-session-hash-02.txt
>         Pages           : 9
>         Date            : 2014-10-06
>
> Abstract:
>    The Transport Layer Security (TLS) master secret is not
>    cryptographically bound to important session parameters such as the
>    client and server identities.  Consequently, it is possible for an
>    active attacker to set up two sessions, one with a client and another
>    with a server, such that the master secrets on the two sessions are
>    the same.  Thereafter, any mechanism that relies on the master secret
>    for authentication, including session resumption, becomes vulnerable
>    to a man-in-the-middle attack, where the attacker can simply forward
>    messages back and forth between the client and server.  This
>    specification defines a TLS extension that contextually binds the
>    master secret to a log of the full handshake that computes it, thus
>    preventing such attacks.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-session-hash/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-tls-session-hash-02
>
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-tls-session-hash-02
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>