Re: [TLS] Unifying tickets and sessions
Ryan Carboni <ryacko@gmail.com> Wed, 22 October 2014 16:45 UTC
Return-Path: <ryacko@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1B701ACDDA for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:45:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B-gBwk8A9Sty for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:45:00 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E93C11ACD86 for <tls@ietf.org>; Wed, 22 Oct 2014 09:44:59 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id n3so1316431wiv.5 for <tls@ietf.org>; Wed, 22 Oct 2014 09:44:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=epYwAMbKTLGQMRmrzOQ3rrkNHapitJKrgW7DQtpPWfk=; b=b+RT+eYDKj8xRG+X1MtVHoAkNRuecr33bnvjIvQJLhokGe0iIDaLZTzoVfc8HnCnuo U6f7FbQqgsY7WB+D+kQeiDQmvFqoRGreb+/W4lUPnoRZea8jNtaHTBkArvYgqxgxJHxD H6yXpv0SW0quComYT0i5cw/Cn0G7xGmcBkuFVgIyz4P30t1dUR8oD+Dp0LtgqH0IZckH D4wadqa5FIS5WrkRVqG1JYfJPxJLCDjDiY3gJxAYR1eVAJqUhu8PwaUiU+GzC+t1YD2S eI3FtHUWmJRo+4/ODwVr782IZsko4JN53fwc72E/UakTGsGXmHh3emav+CyAXENJWySl dr8g==
X-Received: by 10.180.24.167 with SMTP id v7mr8913621wif.41.1413996298552; Wed, 22 Oct 2014 09:44:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.242.39 with HTTP; Wed, 22 Oct 2014 09:44:18 -0700 (PDT)
From: Ryan Carboni <ryacko@gmail.com>
Date: Wed, 22 Oct 2014 09:44:18 -0700
Message-ID: <CAO7N=i38zutXpmuMKuv1CHrc3hO-zm6U+nsGgE6NF4YmC54tDQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="f46d0442878616cafc050605abb4"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/hY-j_orsPUxAEU3STZUVLyoAlOM
Subject: Re: [TLS] Unifying tickets and sessions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 16:45:03 -0000
From: "Richard Fussenegger, BSc" > [*] Better would be 'from all ciphers in use' otherwise one ends up with > a (insert ridiculous high value here) bit key while only using 128 bit > ciphers in the configuration. Dropping the key if a new stronger > configuration is loaded seems like a good idea to me at this point. I'm > looking at this from a performance perspective and glimpsing over to the > fact that the cryptography community agrees that 128 bit security will > be enough for the next 10 to 20 years.[2] I really can't tell if this > would be problematic from an implementation point of view. I think that > single hosts won't have a problem here and I guess that it wouldn't be > for clusters as well. The cluster configuration should be in sync but it > could become a problem if one node has a differing configuration (for > whatever reason). What opinion/insights do you have on this? Quantum computers are reaching 512-qubits now. http://www.bbc.com/news/science-environment-27632140 Quantum cryptography would result in key-sizes effectively being halved, and in 15 to 40 years a quantum computer could potentially be built by a nationstate to enhance known cryptographic attacks and reduce keyspaces substantially. It's unlikely though that the NSA will devote quantum computing to breaking the encryption of cat videos. I suggest an advisory that for unauthenticated encryption, 128-bits are used, and for authenticated encryption 256-bits or more are used. The only issue is that browsers tell you the whole page is encrypted the same way even though elements of the page use different sorts of encryption than the body of the page.
- [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Douglas Stebila
- Re: [TLS] Unifying tickets and sessions Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Stephen Checkoway
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Joseph Salowey
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions David Leon Gil