IETF Logo Mail Archive

Re: [TLS] Call for Consensus on removal of renegotiation

Alyssa Rowan <akr@akr.io> Sun, 29 June 2014 14:35 UTC

Return-Path: <akr@akr.io>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E6141A0537 for <tls@ietfa.amsl.com>; Sun, 29 Jun 2014 07:35:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.003
X-Spam-Level:
X-Spam-Status: No, score=-0.003 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1VJibLkW23bj for <tls@ietfa.amsl.com>; Sun, 29 Jun 2014 07:35:25 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82BA71A052E for <tls@ietf.org>; Sun, 29 Jun 2014 07:35:25 -0700 (PDT)
Message-ID: <53B02420.8010309@akr.io>
Date: Sun, 29 Jun 2014 15:35:12 +0100
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: tls@ietf.org
References: <44DA5A30-015D-40F3-90CA-F15076891BBC@cisco.com> <53AB192F.2040001@fifthhorseman.net> <B7430912-46B8-49DD-85EC-00FC5BC3B8D3@cisco.com>
In-Reply-To: <B7430912-46B8-49DD-85EC-00FC5BC3B8D3@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/fXBHpD5SP_yOvVPURus0TTSPuxM
Subject: Re: [TLS] Call for Consensus on removal of renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jun 2014 14:35:30 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 25/06/2014 21:03, Joseph Salowey (jsalowey) wrote:

> [Joe] to simplify:

I support 2: In favor of removing renegotiation with the addition of
rekey.

TLS <=1.2 renegotiation is hairy - but though it's not the most
commonly-deployed profile right now, rekeying is needed (for large
traffic volumes/long-lived connections, and potentially for
'ratcheting' the forward-security of connections?), as is
client-certificate authentication.

Happily, there are better ways of doing both of these than the current
renegotiation flow - so we can remove renegotiation as it stands, and
address these use-cases with better methods.

If we remove it otherwise, some people who need TLS won't be able to
use TLS 1.3, and I suspect that will be a barrier to adoption we don't
want.

- -- 
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTsCQfAAoJEOyEjtkWi2t6xHoP/irmk1gJwFUoVRhqObWAHzVu
Swl9Xk3B2fTzCpCn7yf+jojW1E/xh2lchN49UQ6Tdk4f3KboDCBFs/ebn/iObxUT
nZL5AGoBI+vTsozX4/zVynHn/TmGhxMrGGl6TsH1M/aQ9jBPpsqgLCHmMGytqjcH
Ui35qhy5QVsYkP3g4CSt581cuaW9gtXCzv/6x4f4kyb7Uvs54zk2W4ANvpFeVADY
zJfKd6ov2zHcP19AaC5/yaej7SBelo34mD4ftcmHnG+TemwyB9pt41wGotI/2aRL
KriC5haFEHBvM0kid6knNHJsOuvtzJr0eFPC9Hq4Ma2XLee8WJmMqJ4IPf8cDtYp
tr6MVrZJcAWxyPFrzud/NnOba5Pycbw7Uvm1vzBH1ZmTjk/v6tDf/wUHlW6wtNdX
ltAIh/IgnRlz0V++xqtGyvxJiJx/Uy03VznubgJTYqdhyr44foKxCNcWgPYrBgTE
A736zZyBIk/3oU4lmmZ1nmnzKSCHxlqL/fdaOPGLiRaPidehLsDrE8U9odc3CNac
vJHBwNLuKA8bB9gT0QfgpTYaoL9GzCZAbGl1szRC3LSTEuFYzwTF+bxMOJ0ysJu2
UXT7v21UNEVyxsbHtrTncREsnPuQc/UMyT7jyhul/4bBpEujkwYS9cQ9s1HqdMRL
P9QFewjaup48ez6Fg9rp
=lM/d
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email