Re: [TLS] Rethink TLS 1.3

Nico Williams <nico@cryptonector.com> Mon, 24 November 2014 10:42 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2DAF1A1EF8 for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.533
X-Spam-Level:
X-Spam-Status: No, score=0.533 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtFZqE9nx-zN for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 484581A1EEF for <tls@ietf.org>; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
Received: from homiemail-a29.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTP id 2A4DA674060; Mon, 24 Nov 2014 02:42:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to:content-transfer-encoding; s= cryptonector.com; bh=R/Rhf+omy/dwNPd5n0iz4unzK9E=; b=uahBgujuBcR n8wAKbPMH0rpsdNnU6XJ7BeL943jruo9gEk5fAVB1kt0QLJOFUueaqOuw3/8SKzQ vdi0XNsU8uMlAAHKxlcH3TbjxEpYZ3iKZ/PSTeqBMSdFvnhDdydrXjPOr8ER9spc l8DvxsI73Aodr4atCBVzx+s3cITjTmkg=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a29.g.dreamhost.com (Postfix) with ESMTPA id D60DB674059; Mon, 24 Nov 2014 02:42:29 -0800 (PST)
Date: Mon, 24 Nov 2014 04:42:29 -0600
From: Nico Williams <nico@cryptonector.com>
To: Henrick =?iso-8859-1?Q?Hellstr=F6m?= <henrick@streamsec.se>
Message-ID: <20141124104226.GE3200@localhost>
References: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com> <5470742A.8020002@streamsec.se> <CACsn0cnKqkHxw0Hudw0OGM1mVxZKJhj04ig2G3KtURtWhYTacw@mail.gmail.com> <20141124101744.GC3200@localhost> <547308E2.6060809@streamsec.se>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <547308E2.6060809@streamsec.se>
User-Agent: Mutt/1.5.21 (2010-09-15)
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/i7tjzA36Fan1sR43VIM-ZOffogs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2014 10:42:31 -0000

On Mon, Nov 24, 2014 at 11:30:58AM +0100, Henrick Hellström wrote:
> Actually, no, it doesn't. The Internet threat model is based on the
> premise that both ends are uncompromised. If the client is allowing
> third party javascript to connect to arbitrary HTTPS servers,
> impersonating the client that runs the script, that client is
> compromised.

The Internet threat model always will have to assume local security.

We're designing TLS.  We are not really in a prosition to dictate to
applications that they must not use cookies (though we can and must
state clearly what applications can expect from TLS), especially not
since we can (and must) make TLS 1.3 resistant to BEAST/CRIME style
attacks (we shouldn't make apps change unnecessarily).  This is NOT a
defense of the web security model, BTW, please don't mistake it as such.

Nico
--