Re: [TLS] Rethink TLS 1.3

Henrick Hellström <henrick@streamsec.se> Sat, 22 November 2014 11:32 UTC

Return-Path: <henrick@streamsec.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DA841A0AC8 for <tls@ietfa.amsl.com>; Sat, 22 Nov 2014 03:32:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.25
X-Spam-Level:
X-Spam-Status: No, score=-1.25 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z70EnL4-9bv4 for <tls@ietfa.amsl.com>; Sat, 22 Nov 2014 03:32:35 -0800 (PST)
Received: from vsp1.ballou.se (vsp1.ballou.se [91.189.40.82]) by ietfa.amsl.com (Postfix) with SMTP id CCD131A0ABD for <tls@ietf.org>; Sat, 22 Nov 2014 03:32:33 -0800 (PST)
Received: from nmail1.ballou.se (unknown [10.0.0.116]) by vsp1.ballou.se (Halon Mail Gateway) with ESMTP for <tls@ietf.org>; Sat, 22 Nov 2014 12:32:30 +0100 (CET)
Received: from [192.168.0.195] (c-21cfe555.06-134-73746f39.cust.bredbandsbolaget.se [85.229.207.33]) (Authenticated sender: henrick@streamsec.se) by nmail1.ballou.se (Postfix) with ESMTPSA id DB4B21DE89 for <tls@ietf.org>; Sat, 22 Nov 2014 12:32:30 +0100 (CET)
Message-ID: <5470742A.8020002@streamsec.se>
Date: Sat, 22 Nov 2014 12:31:54 +0100
From: =?UTF-8?B?SGVucmljayBIZWxsc3Ryw7Zt?= <henrick@streamsec.se>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: tls@ietf.org
References: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com>
In-Reply-To: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/fQKinV8KGOQ7R5zMK8tWEOnFY-k
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: henrick@streamsec.se
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Nov 2014 11:32:37 -0000

On 2014-11-22 01:57, Watson Ladd wrote:
> Was the TLS 1.3 draft written by a cryptographer? No.
> Has it been reviewed by cryptographers? Unclear.
> Are the mechanisms secure? Unknown.
> Is it easy to analyze TLS 1.2? No.
> Was TLS 1.2 secure? No.
> Has TLS 1.3 fixed flaws in TLS 1.2? Some: session_hash remains
> unincluded, but the record layer is finally fixed.

I think such discussions would benefit from the basic premise that 
"secure" is a relative notion. It is completely pointless to ask if a 
protocol is secure or not secure, unless you first present an exhaustive 
list of security claims. That is, you can't ask if TLS 1.3 is secure or 
not, without first describing what security is to be expected from 
different scenarios.

In a sense, *every* protocol has the potential of becoming broken, 
unless it is unambiguously defined what is proper and improper usage of 
the protocol.