IETF Logo Mail Archive

Re: [TLS] Separate APIs for 0-RTT

Timothy Jackson <tjackson@mobileiron.com> Fri, 23 June 2017 02:10 UTC

Return-Path: <tjackson@mobileiron.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E1CB129C09 for <tls@ietfa.amsl.com>; Thu, 22 Jun 2017 19:10:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.689
X-Spam-Level:
X-Spam-Status: No, score=-4.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_HELO_PASS=-0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mobileironinc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5aZ_jAxviFBM for <tls@ietfa.amsl.com>; Thu, 22 Jun 2017 19:10:34 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0067.outbound.protection.outlook.com [104.47.32.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B915129329 for <tls@ietf.org>; Thu, 22 Jun 2017 19:10:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mobileironinc.onmicrosoft.com; s=selector1-mobileiron-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=c1Un90kivqB9A9xriJn0H8JZb0uL9ihYbUgVfYlZaiU=; b=R600QF8VGp1A3biEBsPAP3lrZAZEFUIzo8M6IJp8mDHi5XqZlQ3KHSoRacL5Fa3ukcJvxaEhx0QIOOS+F/HL3EweX8lLdILZ/UcVBEmasq5bdRD0xhK37IAloHTwzjl2RQuGk438ckhyYJMD2iEzChD0aK1OPYGmtO4+4/KVn5Y=
Received: from CY4PR10MB1734.namprd10.prod.outlook.com (10.172.69.9) by CY4PR10MB1733.namprd10.prod.outlook.com (10.172.69.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.14; Fri, 23 Jun 2017 02:10:32 +0000
Received: from CY4PR10MB1734.namprd10.prod.outlook.com ([10.172.69.9]) by CY4PR10MB1734.namprd10.prod.outlook.com ([10.172.69.9]) with mapi id 15.01.1178.023; Fri, 23 Jun 2017 02:10:33 +0000
From: Timothy Jackson <tjackson@mobileiron.com>
To: Martin Thomson <martin.thomson@gmail.com>, David Benjamin <davidben@chromium.org>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Separate APIs for 0-RTT
Thread-Index: AQHS5B826ocFwaUKVUu/TtaM+BWK4KIit00AgAABTICAAD7KgIAABLeAgAAS9ICAAAKWgIAABRGAgAAA6oCAAAfUAIAAA2CAgAACoYCAACEVAIAAnPmAgADkkgCAABJdAIAAFyAAgAGxtQCACyBEwA==
Date: Fri, 23 Jun 2017 02:10:32 +0000
Message-ID: <bi1n55pr8mut29311935117k.1498183830709@email.android.com>
References: <CABcZeBMpeBhcKoJYuMwLyER0VBh+RtVr6amWMPos3CJipXYHcA@mail.gmail.com> <DM2PR21MB00916718A71749E5D2CB19C38CC20@DM2PR21MB0091.namprd21.prod.outlook.com> <CABcZeBO+Qprg4DTwNJrFU1PXDPyKbbdakMrF9fhe02jRL50cow@mail.gmail.com> <8e206c83-645f-6389-a7bd-ddd51e747ea2@akamai.com> <CAAF6GDfyqMndibTujY83_Xha2dZn7qvaCpZJw7xZ--b=-EOaYA@mail.gmail.com> <bf4506e7-13ce-ce7f-d20e-67a0d73c642a@akamai.com> <CAAF6GDePg9FL0JgzrWrTcrK7X=J0_fKjHVCj9EScvyQobJWTKA@mail.gmail.com> <20170613183536.GA12760@LK-Perkele-V2.elisa-laajakaista.fi> <63c8ac33-489c-0ace-d4ba-b960cd965281@akamai.com> <DM2PR21MB0091B8DC8780B4FA67464F0A8CC20@DM2PR21MB0091.namprd21.prod.outlook.com> <20170613205530.GB13223@LK-Perkele-V2.elisa-laajakaista.fi> <e5ab9945-054b-67bf-beef-9fce7a4a6f36@nic.cz> <CAF8qwaCuDk3oemXeKyEzzRgg2oCMA22qMBXQaL4YW3yWAeXUvA@mail.gmail.com> <DM2PR21MB009176844759F65141E1D6EA8CC30@DM2PR21MB0091.namprd21.prod.outlook.com> <CAF8qwaCwHYJP3p569CAN-9Fmd_ddDjg9d9wPi8j3uSrno_wHyw@mail.gmail.com>, <CABkgnnXr=YaFVuXraOCJjqsfy+D98bEfasW8jLgDw50DhKkyww@mail.gmail.com>
In-Reply-To: <CABkgnnXr=YaFVuXraOCJjqsfy+D98bEfasW8jLgDw50DhKkyww@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=mobileiron.com;
x-originating-ip: [204.8.168.222]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR10MB1733; 7:IgU3R2XRAhkdhyylb9+JiAD0WJqwx2cjauKKXu3U0tjupHt7qfwdOgSNrAqE7d3o7g0ckCQb81zYrxTMJwZqBVOav1+MJZFJP5sJ9XiXxMz3+M5Bemq+7P9dmyOA1REIG+kwcvwv4iNIJGbiGRtpGPEvQZ1NtCnq8Np9bPc0UdVZEHzYKDt2VinyOJp2CwxCwshEaYIocloLclcEsvkhcWYWvaJWXz+KmTtYiv+x4cvBfgGWowYmX4pmJDRmiSo/0xbNShbLbeh4P7kgPoc1khNrV3AbeaX3NPeVphx8b6QerKxHZnFHApXlML464EByU9cU4EXHknk7z5zj3OFxRA4rl/fiP44Xnblkzz5rU2hUpeoqdTdbesAjqvOUXtnyNaO3x9B5CDTye0Z749hldJXosHNCSiCjhMcQijcGrtvkmebKbPT6DJ9z2vqiLkpKAHFY3fg2Pzg0n3vaRRjiL31focj+WDLbKxM9L0/jY4zLq7Qc3wTm6spQuXkZ7iwcbV86pTjUfSFFTEn+T356yxl2vfKR/Msr6Qjo1dWmFqloq2UxsVBHBsT2vLBcjUD4zqtN3EQCXyG+1/b6v5qa1pMsXICsRBBu0cEhgzsCup7UhhuV3DjP5oGK+0bscd/pZ7RjIVjFDTKBNpZFM+69LiUfNqfG0gdYiku4LH8agO8wG37wnwGYQcD6cQ8sBzsfVPZlBVNlavyNaUhyQcKLoIvz4rEPfZOc8APGEM5k7N9MbHEDVgrygoaItqcq5bAeysDfTDjW+oO2SnayZCM9Hmka9rmFyiOvxQ+HGUxL8cU=
x-ms-office365-filtering-correlation-id: 9fd1a656-c55a-49f2-1475-08d4b9dd0777
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081)(201702281549075); SRVR:CY4PR10MB1733;
x-ms-traffictypediagnostic: CY4PR10MB1733:
x-microsoft-antispam-prvs: <CY4PR10MB1733EBC1A9028B6E704A5246AAD80@CY4PR10MB1733.namprd10.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(20161123558100)(20161123555025)(20161123564025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR10MB1733; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR10MB1733;
x-forefront-prvs: 0347410860
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39840400002)(39410400002)(39400400002)(39450400003)(39850400002)(24454002)(377454003)(229853002)(39060400002)(6436002)(966005)(2950100002)(2906002)(25786009)(3280700002)(3660700001)(478600001)(77096006)(6486002)(63666004)(122556002)(14454004)(93886004)(51650200002)(4326008)(7906003)(6506006)(3846002)(86362001)(7736002)(102836003)(5660300001)(53546010)(6116002)(606005)(66066001)(2900100001)(8936002)(33646002)(68736007)(6512007)(95246002)(53936002)(50986999)(189998001)(6306002)(38730400002)(99286003)(6246003)(236005)(54896002)(54356999)(9686003)(76176999)(81166006)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR10MB1733; H:CY4PR10MB1734.namprd10.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_bi1n55pr8mut29311935117k1498183830709emailandroidcom_"
MIME-Version: 1.0
X-OriginatorOrg: mobileiron.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2017 02:10:32.7725 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8392379d-8a98-4cb4-8cfe-5e7fa92e4e60
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR10MB1733
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/hVRJ_2-S9aPE-sqUfgJ8qYO82eQ>
Subject: Re: [TLS] Separate APIs for 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jun 2017 02:10:38 -0000

+1 and a preference for MUST, just so people understand the importance.

Since we're agreed that 0-RTT data and 1-RTT data have (almost) the same security properties once the handshake completes, it seems to me, unless I've missed something, that a lot of protocols will accept 0-RTT but withhold the response until after the handshake completes. I expect this massively simplifies the analysis the for the app developers.

Clientdata = readData()
Reply = CreateReply(client data); //time intensive operation (e.g. Database, CDN cache lookup)

While(!clientFinished())
Wait(); //do nothing until 1-RTT finished

Send(reply)

This has the benefit of allowing slow lookups/processing to happen against 0-RTT, while delaying the "risky actions" until after 1-RTT. If I'm not mistaken, it would also make timing attacks harder since any cache misses would be at least partly masked by the time required for the 1-RTT handshake.

Dual streams seems to just add complexity here. What I really care about as a developer is whether I can fully trust the 0-RTT data, which is determined by whether the handshake is finished.

Cheers,

Tim
--
Tim Jackson

Senior Product Security Architect, MobileIron Inc.

________________________________

From: "Martin Thomson" <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>>
Date: Thursday, June 15, 2017 at 5:16:29 PM
To: "David Benjamin" <davidben@chromium.org<mailto:davidben@chromium.org>>
Cc: "tls@ietf.org" <tls@ietf.org<mailto:tls@ietf.org>>
Subject: Re: [TLS] Separate APIs for 0-RTT

On 15 June 2017 at 08:23, David Benjamin <davidben@chromium.org> wrote:
> When accepting 0-RTT as a server, a TLS implementation SHOULD/MUST provide a
> way for the application to determine if the client Finished has been
> processed.


I'm going to throw my support behind this distinction.  Though I would
phrase this more simply as "the handshake is complete".

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email