IETF Logo Mail Archive

Re: [TLS] Unifying tickets and sessions

Ryan Carboni <ryacko@gmail.com> Wed, 22 October 2014 16:45 UTC

Return-Path: <ryacko@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1B701ACDDA for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:45:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B-gBwk8A9Sty for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 09:45:00 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E93C11ACD86 for <tls@ietf.org>; Wed, 22 Oct 2014 09:44:59 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id n3so1316431wiv.5 for <tls@ietf.org>; Wed, 22 Oct 2014 09:44:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=epYwAMbKTLGQMRmrzOQ3rrkNHapitJKrgW7DQtpPWfk=; b=b+RT+eYDKj8xRG+X1MtVHoAkNRuecr33bnvjIvQJLhokGe0iIDaLZTzoVfc8HnCnuo U6f7FbQqgsY7WB+D+kQeiDQmvFqoRGreb+/W4lUPnoRZea8jNtaHTBkArvYgqxgxJHxD H6yXpv0SW0quComYT0i5cw/Cn0G7xGmcBkuFVgIyz4P30t1dUR8oD+Dp0LtgqH0IZckH D4wadqa5FIS5WrkRVqG1JYfJPxJLCDjDiY3gJxAYR1eVAJqUhu8PwaUiU+GzC+t1YD2S eI3FtHUWmJRo+4/ODwVr782IZsko4JN53fwc72E/UakTGsGXmHh3emav+CyAXENJWySl dr8g==
X-Received: by 10.180.24.167 with SMTP id v7mr8913621wif.41.1413996298552; Wed, 22 Oct 2014 09:44:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.242.39 with HTTP; Wed, 22 Oct 2014 09:44:18 -0700 (PDT)
From: Ryan Carboni <ryacko@gmail.com>
Date: Wed, 22 Oct 2014 09:44:18 -0700
Message-ID: <CAO7N=i38zutXpmuMKuv1CHrc3hO-zm6U+nsGgE6NF4YmC54tDQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="f46d0442878616cafc050605abb4"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/hY-j_orsPUxAEU3STZUVLyoAlOM
Subject: Re: [TLS] Unifying tickets and sessions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 16:45:03 -0000

From: "Richard Fussenegger, BSc"

> [*] Better would be 'from all ciphers in use' otherwise one ends up with
> a (insert ridiculous high value here) bit key while only using 128 bit
> ciphers in the configuration. Dropping the key if a new stronger
> configuration is loaded seems like a good idea to me at this point. I'm
> looking at this from a performance perspective and glimpsing over to the
> fact that the cryptography community agrees that 128 bit security will
> be enough for the next 10 to 20 years.[2] I really can't tell if this
> would be problematic from an implementation point of view. I think that
> single hosts won't have a problem here and I guess that it wouldn't be
> for clusters as well. The cluster configuration should be in sync but it
> could become a problem if one node has a differing configuration (for
> whatever reason). What opinion/insights do you have on this?


 Quantum computers are reaching 512-qubits now.
http://www.bbc.com/news/science-environment-27632140

Quantum cryptography would result in key-sizes effectively being halved,
and in 15 to 40 years a quantum computer could potentially be built by a
nationstate to enhance known cryptographic attacks and reduce keyspaces
substantially.

It's unlikely though that the NSA will devote quantum computing to breaking
the encryption of cat videos.

I suggest an advisory that for unauthenticated encryption, 128-bits are
used, and for authenticated encryption 256-bits or more are used. The only
issue is that browsers tell you the whole page is encrypted the same way
even though elements of the page use different sorts of encryption than the
body of the page.

v2.23.0 | Report a Bug | By Email