Re: [TLS] TLS 1.3 draft-07 sneak peek

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Wed, 01 July 2015 05:17 UTC

Date: Wed, 01 Jul 2015 08:17:07 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Dave Garrett <davemgarrett@gmail.com>
Message-ID: <20150701051707.GA24615@LK-Perkele-VII>
References: <CABcZeBOWK_WnHAefsZUBr4UyEkyiZqi1mhoZH8ZeGFftdOqTTw@mail.gmail.com> <201506302131.20214.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/eig_J53Q1lV6s4iNMOAdfuZtGgY>
Cc: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Tue, Jun 30, 2015 at 09:31:19PM -0400, Dave Garrett wrote:
> On Tuesday, June 30, 2015 06:23:18 pm Eric Rescorla wrote:
> > 2. Should we require that PSK cipher suites where the PSK is used for
> > resumption use compatible ciphers?
> 
> The "suitable PSK cipher suite" & "resumption use compatible ciphers"
> issues would be simpler if the NewSessionTicket was just bound to a
> specified cipher suite (or vector of suites, but that's probably not
> needed). We could just add a cipher suite field here so the server
> tells the client exactly what it expects.

Except since actual PSKs presumably don't have such restrictions (any
supported ciphersuite ok), any games with ciphersuites the server
plays would be specific to resumption.

I don't see anything wrong with a session being resumed with a different
ciphersuite in 1.3 (in 1.2 things worked differently; there, there
actually might have been problems if the ciphersuite changed).


-Ilari