Re: [TLS] Call for Consensus on removal of renegotiation
Andy Lutomirski <luto@amacapital.net> Fri, 27 June 2014 19:03 UTC
Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DDCF1B29CB for <tls@ietfa.amsl.com>; Fri, 27 Jun 2014 12:03:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v2qsUsBfQq21 for <tls@ietfa.amsl.com>; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
Received: from mail-pb0-f45.google.com (mail-pb0-f45.google.com [209.85.160.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90F4E1B29B5 for <tls@ietf.org>; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
Received: by mail-pb0-f45.google.com with SMTP id rr13so4910994pbb.32 for <tls@ietf.org>; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:date:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=UIuQL4O38dfHfhZhYNJum5TbHCr6C6H3DgwMZYzKAoo=; b=W8sxuraEmwn1Tflwg2qC/M3Oo12fTFiwJgFGGpWb8tANkusaqGu+Xihz7JU7g5Sm+J L6xOX73XweJWGQKhih8HSBpo3p5cPUrYMtLMrO7gKXxpYR7FiNA60mAp2GqDE0mQsZlC k4UuY3eKWeD+/3K7mgxteTC3umLcthFAzE+ZKLd4iOXpEnl15PFibQBc0Xj6tQWjzlB7 7VLTY7Jv9Dgbhf18ckzyuIOQggCHCg+uw3B2kDgTYz130ZIzaP/EinaeB6+Vh2XYxj+9 kkXdr2EUUCzd5ddlXtPYKwizbjQVkE2JmWbAABpgEtpFkaRbWGLYkvb6lVVprLZfQzry Sotw==
X-Gm-Message-State: ALoCoQmxhtVIbJ/F8r9+KLCFNrhPFb9uqUpBA+8iVJ1Et24DTm+DFUEnhxxV0dGeLFwwucFlNq80
X-Received: by 10.68.129.68 with SMTP id nu4mr32984256pbb.76.1403895825112; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
Received: from amaluto.corp.amacapital.net (50-76-60-73-ip-static.hfc.comcastbusiness.net. [50.76.60.73]) by mx.google.com with ESMTPSA id fv2sm15950486pbd.11.2014.06.27.12.03.42 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 27 Jun 2014 12:03:43 -0700 (PDT)
From: Andy Lutomirski <luto@amacapital.net>
X-Google-Original-From: Andy Lutomirski <luto@mit.edu>
Message-ID: <53ADC00E.4060305@mit.edu>
Date: Fri, 27 Jun 2014 12:03:42 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>, "mrex@sap.com" <mrex@sap.com>
References: <B7430912-46B8-49DD-85EC-00FC5BC3B8D3@cisco.com> <20140626143044.F3B0C1AD68@ld9781.wdf.sap.corp> <CACsn0c=3-SdQUADeUaN_eh6wZ4MMTPViizC5gmpmonrJ-wN4wg@mail.gmail.com>
In-Reply-To: <CACsn0c=3-SdQUADeUaN_eh6wZ4MMTPViizC5gmpmonrJ-wN4wg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/jGOiJFRsD2WKZ0DjahMJbdZ__JM
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Call for Consensus on removal of renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2014 19:03:47 -0000
On 06/26/2014 06:23 PM, Watson Ladd wrote: > On Thu, Jun 26, 2014 at 7:30 AM, Martin Rex <mrex@sap.com> wrote: >> Joseph Salowey (jsalowey) wrote: >>> >>> 1. In favor of removing renegotiation >>> 2. In favor of removing renegotiation with the addition of rekey facility >>> 3. Not in favor of removing renegotiation >> >> >> (3) Leave it in the spec, Make it a true option for implementors. >> with a guidance that clients might need it for interop, but should >> play safe (and nail down identities once they're established) by default >> >> >> I never offered/exposed renegotiation at the API to application callers, >> and since January 2010, I have the server-side reject renegotiation attempts >> from clients. But the installed base of _other_ servers that use >> (or require) it is to large to be ignored, and I don't see it go away >> that easily... >> >> Everything that you change from TLSv1.0/1/2 toward v1.3 will add complexity >> and require more code. This applies not just to adding new features, but >> also to axing existing features that may be in current use. >> >> A TLSv1.3 spec that requires implementors to carefully avoid TLSv1.3 for >> a number of commonly used TLSv1.0/1/2 features may be even harder to >> sell than TLSv1.2 and IPv6. > > I think this is an excellent point: unless we are making TLS 1.3 web > only, and committing to supporting TLS 1.2 (including renegotation!) > for > a long time, we cannot ax this feature. As much as I dislike > renegotiation, it may be that we need to include it as an optional > feature if we want to replace TLS 1.2. Are there any known non-HTTP users of renegotiation for client auth that wouldn't work out of the box with unsolicited client auth during the handshake? The only compelling objection to removing renegotiation for client auth that I heard was that it would be unfortunate for TLS 1.3 to only be usable with an upgraded HTTP stack. That's not a show-stopper, but it's annoying. Allowing delayed client authentication without a new handshake would solve this problem, is cryptographically very simple*, but integrating it into the protocol might be quite complicated. * It would preclude using tricks like triple DH directly, though. --Andy
- [TLS] Call for Consensus on removal of renegotiat… Joseph Salowey (jsalowey)
- Re: [TLS] Call for Consensus on removal of renego… Daniel Kahn Gillmor
- Re: [TLS] Call for Consensus on removal of renego… Joseph Salowey (jsalowey)
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Colm MacCárthaigh
- Re: [TLS] Call for Consensus on removal of renego… Russ Housley
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… Salz, Rich
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… Salz, Rich
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… Salz, Rich
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Colm MacCárthaigh
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… Colm MacCárthaigh
- Re: [TLS] Call for Consensus on removal of renego… Salz, Rich
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Nikos Mavrogiannopoulos
- Re: [TLS] Call for Consensus on removal of renego… Hubert Kario
- Re: [TLS] Call for Consensus on removal of renego… Martin Rex
- Re: [TLS] Call for Consensus on removal of renego… Martin Rex
- Re: [TLS] Call for Consensus on removal of renego… Watson Ladd
- Re: [TLS] Call for Consensus on removal of renego… Watson Ladd
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… Nikos Mavrogiannopoulos
- Re: [TLS] Call for Consensus on removal of renego… Eric Rescorla
- Re: [TLS] Call for Consensus on removal of renego… Brian Hamon
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Brian Hamon
- Re: [TLS] Call for Consensus on removal of renego… Tapio Sokura
- Re: [TLS] Call for Consensus on removal of renego… Watson Ladd
- Re: [TLS] Call for Consensus on removal of renego… Peter Gutmann
- Re: [TLS] Call for Consensus on removal of renego… Yoav Nir
- Re: [TLS] Call for Consensus on removal of renego… James Cloos
- Re: [TLS] Call for Consensus on removal of renego… Brian Hamon
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Eric Rescorla
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Brian Smith
- Re: [TLS] Call for Consensus on removal of renego… Brian Hamon
- Re: [TLS] Call for Consensus on removal of renego… Martin Thomson
- Re: [TLS] Call for Consensus on removal of renego… Andy Lutomirski
- Re: [TLS] Call for Consensus on removal of renego… Peter Gutmann
- Re: [TLS] Call for Consensus on removal of renego… Martin Rex
- Re: [TLS] Call for Consensus on removal of renego… Watson Ladd
- Re: [TLS] Call for Consensus on removal of renego… Peter Gutmann
- Re: [TLS] Call for Consensus on removal of renego… Steve Checkoway
- Re: [TLS] Call for Consensus on removal of renego… Alyssa Rowan
- Re: [TLS] Call for Consensus on removal of renego… henry.story@bblfish.net