Re: [TLS] Rethink TLS 1.3

Nikos Mavrogiannopoulos <nmav@redhat.com> Wed, 26 November 2014 07:46 UTC

Return-Path: <nmavrogi@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E7B1A1BCA for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 23:46:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9lXSaURO2lrX for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 23:46:48 -0800 (PST)
Received: from mx4-phx2.redhat.com (mx4-phx2.redhat.com [209.132.183.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F6571A000E for <tls@ietf.org>; Tue, 25 Nov 2014 23:46:48 -0800 (PST)
Received: from zmail22.collab.prod.int.phx2.redhat.com (zmail22.collab.prod.int.phx2.redhat.com [10.5.83.26]) by mx4-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id sAQ7kk8c004312; Wed, 26 Nov 2014 02:46:46 -0500
Date: Wed, 26 Nov 2014 02:46:46 -0500 (EST)
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Watson Ladd <watsonbladd@gmail.com>
Message-ID: <24500329.3561152.1416988006072.JavaMail.zimbra@redhat.com>
In-Reply-To: <CACsn0ckqZOf7mrXsjcCh0NGx=MDyoAcK7GT+_TxFe1Do7Xtuyw@mail.gmail.com>
References: <20141124105948.GH3200@localhost> <20141124165601.0E7A71B004@ld9781.wdf.sap.corp> <CACsn0ckcpNYJbnb+vd=nazXQhN5m3=L1DxO+KnLXMVyWOQ-PUQ@mail.gmail.com> <3283678.0WkSFC7mCs@pintsize.usersys.redhat.com> <CACsn0c=7fzAmshr7qamiLZdRUNs8kexQPR4E6n3teqNi4HzOjQ@mail.gmail.com> <CAOgPGoAEyH4MRAjGHyUg1c9PuY2c6SmfB+6jgBegRi6dvVchDQ@mail.gmail.com> <CACsn0ckqZOf7mrXsjcCh0NGx=MDyoAcK7GT+_TxFe1Do7Xtuyw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.5.82.6]
X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF31 (Linux)/8.0.6_GA_5922)
Thread-Topic: Rethink TLS 1.3
Thread-Index: 32+rwyEkLCs0m0tntk3uI3S30AF/tA==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/dqo0yw4Tpva06vjjIWDKBsYURp4
Cc: tls@ietf.org
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 07:46:54 -0000

----- Original Message -----
> On Nov 25, 2014 1:10 PM, "Joseph Salowey" <joe@salowey.net>; wrote:
> As for improvents, how about finding an existing, conservatively designed
> signature based key agreement mechanism with the right properties, and
> using it? The current proposal has two distinct client auth mechanisms, one
> in the handshake and the other in update.

That does not need to be in TLS 1.3. New ciphersuites can be defined independently.

> Parsing TLS is one of the biggest issues in implementations. I can't
> promise to write the tool to auto-generate the parser, but we should be
> sufficiently chastised by all those who tried and failed to parse TLS
> records with handwritten C to consider not doing it ourselves.

Where does this come from? TLS is one of the easiest protocols to parse.

regards,
Nikos