Re: [TLS] #445: Enhanced New Session Ticket
Eric Rescorla <ekr@rtfm.com> Fri, 29 April 2016 18:37 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72E6F12D6EB for <tls@ietfa.amsl.com>; Fri, 29 Apr 2016 11:37:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bhHoLI8HpkjP for <tls@ietfa.amsl.com>; Fri, 29 Apr 2016 11:37:31 -0700 (PDT)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3826A12D6E6 for <tls@ietf.org>; Fri, 29 Apr 2016 11:30:42 -0700 (PDT)
Received: by mail-yw0-x234.google.com with SMTP id t10so205708796ywa.0 for <tls@ietf.org>; Fri, 29 Apr 2016 11:30:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OqtUOw8otbHklIpTGnzipD/DxMAtWbsyfp1E2YdU+P4=; b=kCaZ2v71PojI/qxledvYriURTiAmg2Ek3ipj8XQ9dAry8PHCC7AbKvD1+X7oUy1J4K 63IbpINJOh2qHzXSYzqCE3hHGEWp3l7//nNON5nY+xi53fLVhr6vZro4F0n0X7SH2Bwt k/GNSZJBpLeSDcJ3y6LA+ayN2Q6svZy6vxRx3A2rxPJ7PSo51rPsHUWRxXs97rH6xkXp qfTaPD4Br/DBpk6gKelza8CzFQpTETKhAQ9y1o7krNfxF5wgl2VxElWuKKTWh9meyis5 WxcsAjCqR0YxKupiNRc7EqbYZi72eAwBUl8OVLRgWSlGyX8A8IcVKm9V6c1Z1HGNs6rh CrRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OqtUOw8otbHklIpTGnzipD/DxMAtWbsyfp1E2YdU+P4=; b=TRQCLkzA6LRUC/NytdtXeNZCA+UEXD4yYBxK3aH2nDjFnLRhibUUWQtfCdo7m9wLTU 0sxNDIV+DWivBsOLL194/wfOJcd0xq8moO5qZgDWIknn6S4fhWNxzH8v3EwVK3zZvSqo Rxw86lMDgh34gnIbJBkllrt1DWl2rlryTjmEMDHHTHSGLEqYSBWZMggmnpDtUvemOapT Y2ZSXFBfk9Ykkx8WMlsIoBpus9twsFxvWOXJSegQxMdubaa8TeWRGzGRuZDnEPLXZZUG SoC2yBBXM7lwHM5u+TEP+CqJE/eWLjPvE5TS/QKUmnsura1imz8K3XS8sjwbTJly3Bd/ gMOA==
X-Gm-Message-State: AOPr4FV4nTccGXDKiZYZYGX9lDQT71R3DQoSUVyJFFoiu16NDMAX4FwK31nEKWFdFPBiMjPIwhz0XmD53qTfLQ==
X-Received: by 10.13.237.1 with SMTP id w1mr12122324ywe.62.1461954641506; Fri, 29 Apr 2016 11:30:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.132.12 with HTTP; Fri, 29 Apr 2016 11:30:02 -0700 (PDT)
In-Reply-To: <20160429174643.GA17765@LK-Perkele-V2.elisa-laajakaista.fi>
References: <20160428193252.GA16096@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBO2aFuq7PbxLimUoez66u0MkE3_qQi9fdfMS33dFVh_+Q@mail.gmail.com> <20160428214046.GB16096@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBMFg4iC-EN9DocqTpmjp46EYrTBdfi-G5nNMKN_xiHxVA@mail.gmail.com> <20160429055831.GA16405@LK-Perkele-V2.elisa-laajakaista.fi> <CABkgnnUFn_UrUFro-yLmn9wf7YkTpRf8anm7LK-bKgYBBkUVNg@mail.gmail.com> <20160429153831.GA16797@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBO-C5+93b5qax0wCaUhrKgjVeziphHbQse7NuBCwhdSgA@mail.gmail.com> <20160429174643.GA17765@LK-Perkele-V2.elisa-laajakaista.fi>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 29 Apr 2016 11:30:02 -0700
Message-ID: <CABcZeBNUa-Ac8TvT=KbqiGtTnCYhtsxHhvmqXZuFYo4yz1c8Ew@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="94eb2c0864a815ebb20531a3d74e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/eaB1secDTb4BeT1jdwm51wILRC0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] #445: Enhanced New Session Ticket
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2016 18:37:32 -0000
On Fri, Apr 29, 2016 at 10:46 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > On Fri, Apr 29, 2016 at 09:16:07AM -0700, Eric Rescorla wrote: > > On Fri, Apr 29, 2016 at 8:38 AM, Ilari Liusvaara < > ilariliusvaara@welho.com> > > wrote: > > > > > On Fri, Apr 29, 2016 at 04:52:08PM +1000, Martin Thomson wrote: > > > > On 29 April 2016 at 15:58, Ilari Liusvaara <ilariliusvaara@welho.com > > > > > wrote: > > > > > > EDI looks like rather sizable structure currently (even after > compressing > > > the configuration_id by obvious means). > > > > > > > Are you looking at a different document than I am: EDI currently is: > > > > struct { > > select (Role) { > > case client: > > opaque context<0..255>; > > > > case server: > > struct {}; > > } > > } EarlyDataIndication; > > > > And the context is basically a placeholder. > > Ah, I didn't see a PR about it and then looked at Editor's Copy. > Clearly a different document. > Yes, 445 builds on 444. > > > Proposed text would be welcome here. > > Well, the more I think about this, the messier things about interaction > between SNI, "static" PSKs and "dynamic" PSKs seem to be... > > And unlike ALPN, where problems only appear in context of 0-RTT, now you > also get the issues without 0-RTT: > > > > > I mean for the subsequent handshake. Since 0-RTT ALPN and connection > > > > > ALPN needs to match, either: > > > > > > > > > > 1) Take the 0-RTT ALPN implicitly as connection ALPN. > > > > > 2) Signal the same ALPN again, and have that client MUST check it > > > matches > > > > > and abort otherwise. > > > > > > > > I believe that we have to do the latter. Since we can't be sure that > > > > the server knows the ALPN from before if it has to reject 0-RTT. My > > > > plan for this is: > > > > > > > > 1. store ALPN in the ticket/session > > > > 2. if doing 0-RTT, before accepting 0-RTT data, perform the normal > > > > ALPN negotiation > > > > 3. check the negotiated ALPN with the stored value, and if they don't > > > > match reject the 0-RTT data > > > > > > 4. If 0-RTT is accepted, client checks the ALPN server sent and > > > compares it with value it impiled. If those don't match, the client > > > MUST abort. > > > > > > > > > 1) would be: > > > > > > 1. store ALPN in the ticket/session > > > 2. if doing 0-RTT, before accepting 0-RTT data, check if the 0-RTT > > > ALPN is acceptable. If it isn't, reject 0-RTT. > > > 3. If 0-RTT was rejected, select new ALPN, signal it in Encrypted > > > Extensions. > > > > > > That would make ALPN and EDI mutually exclusive in EncryptedExtensions. > > > > > > > This doesn't seem awesome from the client's perspective. I'm trying to > make > > the ordinary PSK-resumption design less of a special case. > > Well, the client needs to keep track of the ALP anyway. If for nothing > else, to check that the server isn't trying to do anything crazy. > I don't see why that's true in the absence of 0-RTt. There's no reason why the server shouldn't be able to select any ALPN offers the client provides regardless of the original offer.. -Ekr > > I think it is easier for the client just to imply the ALP in presence of > accepted 0-RTT. > > > -Ilari >
- [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Martin Thomson
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Martin Thomson
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara
- Re: [TLS] #445: Enhanced New Session Ticket Eric Rescorla
- Re: [TLS] #445: Enhanced New Session Ticket Ilari Liusvaara