Re: [TLS] Premaster/Master convention

"StJohns, Michael" <msj@nthpermutation.com> Fri, 01 August 2014 04:15 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D92A51A03CA for <tls@ietfa.amsl.com>; Thu, 31 Jul 2014 21:15:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u9YwtzGFlmFE for <tls@ietfa.amsl.com>; Thu, 31 Jul 2014 21:15:54 -0700 (PDT)
Received: from mail-qa0-f53.google.com (mail-qa0-f53.google.com [209.85.216.53]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B13D31A03C9 for <tls@ietf.org>; Thu, 31 Jul 2014 21:15:54 -0700 (PDT)
Received: by mail-qa0-f53.google.com with SMTP id v10so3357582qac.26 for <tls@ietf.org>; Thu, 31 Jul 2014 21:15:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=y3qygTuNryYQb7QvmONehG96jPpejvyGAp2HBMHk6RI=; b=jGtY5hRHwoy8hnBauP/EeYdkO8qwzFj+LUtKWcvPsiH52OiDo/AYAHed+0D1idvuWr hvpEYFRmjoZSrnewerZ/387mxd6X8vqbjrmNokysabINZ/vWdbumhVQib5YWcMEf998Z M2GTe/BVy6yqBddQ1vbwL+sLk8VIfYWEAFPrEWqPLYzfEnxgOV5ubXZj0iP8Hui8hXcn Jtz7iAIPcSNvR0NrXFXoyCp5A3VMmiFd5Fp9O8OaP11stV7YKz9rqs+ncqfjQkpWji6L /patldzjxq7jQzQaDSmdajkWy1FoYaukUH0X2dhr7+MKOf/9rekTR+uJwxU2XYmVQL1X RYTA==
X-Gm-Message-State: ALoCoQmVRqbtMfz+Qph/sZzUQAciQbay5yDNBFaZETy/F80x/hSceyg9ky5WFWpqRs6inUIzgGSO
MIME-Version: 1.0
X-Received: by 10.140.50.50 with SMTP id r47mr4140056qga.96.1406866553796; Thu, 31 Jul 2014 21:15:53 -0700 (PDT)
Received: by 10.140.108.6 with HTTP; Thu, 31 Jul 2014 21:15:53 -0700 (PDT)
X-Originating-IP: [64.134.236.22]
In-Reply-To: <C1079511-D7A5-45D0-A552-529FB9D306D5@akamai.com>
References: <53D907B0.3000006@nthpermutation.com> <D40A7DE25C5AA54195F82EA553F2446033900BFC0A@USMBX1.msg.corp.akamai.com> <53D91332.9070103@nthpermutation.com> <D40A7DE25C5AA54195F82EA553F2446033900BFC15@USMBX1.msg.corp.akamai.com> <53D95C7D.9060408@nthpermutation.com> <6ECEF2D7-A1AE-4AC4-90C5-62A38075B0BF@akamai.com> <BD068080-2854-4EBA-A96E-1030CB7C1CFF@akamai.com> <53DA7E2A.50905@nthpermutation.com> <C1079511-D7A5-45D0-A552-529FB9D306D5@akamai.com>
Date: Fri, 1 Aug 2014 00:15:53 -0400
Message-ID: <CANeU+ZA0UNMupa3_2PJqR6JGuUu6bWfros5ujTVBVavREbatnw@mail.gmail.com>
From: "StJohns, Michael" <msj@nthpermutation.com>
To: "Gero, Charlie" <cgero@akamai.com>
Content-Type: multipart/alternative; boundary=001a11351d9e2fb63404ff89a59c
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/j-MnlS_46RDnzWdG_wuAIcZmbO8
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Premaster/Master convention
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2014 04:15:57 -0000

Got it.  Thanks for the clarification.

On Thursday, July 31, 2014, Gero, Charlie <cgero@akamai.com> wrote:

> Sorry for the lack of clarity.  What I mean is, I think Akamai will be
> able to keep our current system working even with PMS to MS removed given:
>
> 1. Removal of the PMS to MS step is done in 1.3 and forward only (this
> seems obvious, but in the argument of explicitness...)
>
> AND
>
> 2. TLS 1.3 removes static RSA key exchange.
>
> AND
>
> 3. TLS 1.3 removes renegotiation.
>
> If any of those constraints break, our current architecture will require
> significant change.
>
> Regards,
> *Charlie Gero*
> Senior Principal System Software Engineer
> Team Lead Engineering - Akamai Labs
> 617.444.3940
>
> On Jul 31, 2014, at 1:34 PM, "Michael StJohns" <msj@nthpermutation.com
> <javascript:_e(%7B%7D,'cvml','msj@nthpermutation.com');>> wrote:
>
> On 7/30/2014 9:18 PM, Gero, Charlie wrote:
>
> Sorry for the second late response.  Hectic day.  Here's a follow up from
> the previous.
>
>  No probs
>
>
>  In addition, as long as TLS 1.3 keeps static RSA key exchange and
> renegotiation out as well as only removing PMS to MS in 1.3 and later, we
> should be ok.  As someone adeptly inferred earlier, this is where things
> would get hairy for us if any of these constraints are violated.
>
>
>
> I couldn't parse this very well - too many missing commas.  Did you mean?:
>
> "In addition, as long as TLS1.3 only removes static RSA key exchange and
> renegotiation we should be ok"
>
> - and -
>
> "If removing the pre-master secret only applies to TLS1.3 and later we
> should be ok"
>
> I thought removing the pre-master regardless of rev was the issue?
>
> Mike
>
>