Re: [TLS] sessions, contexts, etc.
Ravi Ganesan <ravi@findravi.com> Thu, 31 December 2009 00:47 UTC
Return-Path: <ravi@findravi.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E89B43A6986 for <tls@core3.amsl.com>; Wed, 30 Dec 2009 16:47:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.818
X-Spam-Level:
X-Spam-Status: No, score=-0.818 tagged_above=-999 required=5 tests=[AWL=-1.442, BAYES_50=0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f9WiijsEBB55 for <tls@core3.amsl.com>; Wed, 30 Dec 2009 16:47:11 -0800 (PST)
Received: from mail-pz0-f176.google.com (mail-pz0-f176.google.com [209.85.222.176]) by core3.amsl.com (Postfix) with ESMTP id DBDE53A6966 for <tls@ietf.org>; Wed, 30 Dec 2009 16:47:11 -0800 (PST)
Received: by pzk6 with SMTP id 6so9708532pzk.29 for <tls@ietf.org>; Wed, 30 Dec 2009 16:46:49 -0800 (PST)
MIME-Version: 1.0
Received: by 10.114.248.7 with SMTP id v7mr12852350wah.92.1262220409250; Wed, 30 Dec 2009 16:46:49 -0800 (PST)
Date: Wed, 30 Dec 2009 16:46:49 -0800
Message-ID: <3561bdcc0912301646p65923143t1b138fb17b75d9@mail.gmail.com>
From: Ravi Ganesan <ravi@findravi.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="0016e64c3d981f2493047bfb97dc"
Subject: Re: [TLS] sessions, contexts, etc.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2009 00:47:13 -0000
Does something along these lines work as a pedagogical device? Nodes characterized by the parameters of relevance. A root node, three types of ways to spawn a child node. What a child inherits from parent, etc... At the end of a TLS handshake, the Client and the Server share six key pieces of information: (i) a session-id /*Public information */ (ii) a shared master-secret /*Secret. Known only to Client and Server */ (iii) the client-random and /* May be public or secret */ (iv) the server-random. /*May be public or secret*/ (v) authentication knowledge /* Namely, the Client MAY know that is has authenticated the Server (in practice this almost always is true). The Server MAY know that it has authenticated the Client (relatively rare in practice, but an important sub-category). (vi) renegotiation-information /*The newly introduced RI field at the end of the handshake. */ When the Client and a Server share NONE of the above six pieces of data, the Client will typically initiate a completely fresh session using the FULL handshake. Such a session is called a ROOT session. A Client and a Server who have completed a ROOT session can engage in further handshakes to create new sessions, which in turn can create further sessions. Treating each session as a node in a graph we can get a tree rooted at the ROOT. Each node can spawn a child node using three different techniques as follows: i) A node can create a child-node by performing an abbreviated handshake. Such an abbreviated-child inherits the session-id, the shared master-secret and the authentication-knowledge, from its parent (these CANNOT change). It gets new client-random, server-random and starts afresh with renegotiation-information. This technique of spawning a child node is usually used for efficiency considerations (abbrv. handshake requires no PKI operations, which is why it cannot be used to update authentication-knowledge of the other end either). The creation of such a child-node does NOT result in the previous node becoming inactive. ii) A node can create a child node by performing renegotiation, followed by a full handshake. Such a full-renego-child, starts afresh with new values for all of the first five parameters. The only parameter which keeps it tied to this tree is the renegotiation-information, which is derived from the handshake and the parent-node's renegotiation-information. The primary use-case for this technique is to update authentication-knowledge of the Server (i.e. does it know who the Client is?). The creation of such a child node means the parent node can no longer be used. iii) A node can create a child node by performing renegotiation followed by an abbreviated handshake. Such a abbrv-renego-child inherits the session-id, shared-master-secret and authentication-information of its parent. There is a new client-random and server-random, and as in a full-renego-child, the renegotiation-information is derived from the handshake and the the renegotiation-information of its parent. I do not know why this use-case exists; the encryption/hashing keys change but it is questionable if that adds any protection. The creation of such a child node means the parent node can no longer be used. Observe that each of the different child nodes can give birth to any of the other three types of children.
- Re: [TLS] sessions, contexts, etc. Ravi Ganesan
- Re: [TLS] sessions, contexts, etc. David-Sarah Hopwood
- Re: [TLS] sessions, contexts, etc. tom.petch