IETF Logo Mail Archive

Re: [TLS] Call for Consensus on removal of renegotiation

Andy Lutomirski <luto@amacapital.net> Fri, 27 June 2014 19:03 UTC

Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DDCF1B29CB for <tls@ietfa.amsl.com>; Fri, 27 Jun 2014 12:03:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v2qsUsBfQq21 for <tls@ietfa.amsl.com>; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
Received: from mail-pb0-f45.google.com (mail-pb0-f45.google.com [209.85.160.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90F4E1B29B5 for <tls@ietf.org>; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
Received: by mail-pb0-f45.google.com with SMTP id rr13so4910994pbb.32 for <tls@ietf.org>; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:date:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=UIuQL4O38dfHfhZhYNJum5TbHCr6C6H3DgwMZYzKAoo=; b=W8sxuraEmwn1Tflwg2qC/M3Oo12fTFiwJgFGGpWb8tANkusaqGu+Xihz7JU7g5Sm+J L6xOX73XweJWGQKhih8HSBpo3p5cPUrYMtLMrO7gKXxpYR7FiNA60mAp2GqDE0mQsZlC k4UuY3eKWeD+/3K7mgxteTC3umLcthFAzE+ZKLd4iOXpEnl15PFibQBc0Xj6tQWjzlB7 7VLTY7Jv9Dgbhf18ckzyuIOQggCHCg+uw3B2kDgTYz130ZIzaP/EinaeB6+Vh2XYxj+9 kkXdr2EUUCzd5ddlXtPYKwizbjQVkE2JmWbAABpgEtpFkaRbWGLYkvb6lVVprLZfQzry Sotw==
X-Gm-Message-State: ALoCoQmxhtVIbJ/F8r9+KLCFNrhPFb9uqUpBA+8iVJ1Et24DTm+DFUEnhxxV0dGeLFwwucFlNq80
X-Received: by 10.68.129.68 with SMTP id nu4mr32984256pbb.76.1403895825112; Fri, 27 Jun 2014 12:03:45 -0700 (PDT)
Received: from amaluto.corp.amacapital.net (50-76-60-73-ip-static.hfc.comcastbusiness.net. [50.76.60.73]) by mx.google.com with ESMTPSA id fv2sm15950486pbd.11.2014.06.27.12.03.42 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 27 Jun 2014 12:03:43 -0700 (PDT)
From: Andy Lutomirski <luto@amacapital.net>
X-Google-Original-From: Andy Lutomirski <luto@mit.edu>
Message-ID: <53ADC00E.4060305@mit.edu>
Date: Fri, 27 Jun 2014 12:03:42 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Watson Ladd <watsonbladd@gmail.com>, "mrex@sap.com" <mrex@sap.com>
References: <B7430912-46B8-49DD-85EC-00FC5BC3B8D3@cisco.com> <20140626143044.F3B0C1AD68@ld9781.wdf.sap.corp> <CACsn0c=3-SdQUADeUaN_eh6wZ4MMTPViizC5gmpmonrJ-wN4wg@mail.gmail.com>
In-Reply-To: <CACsn0c=3-SdQUADeUaN_eh6wZ4MMTPViizC5gmpmonrJ-wN4wg@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/jGOiJFRsD2WKZ0DjahMJbdZ__JM
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Call for Consensus on removal of renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2014 19:03:47 -0000

On 06/26/2014 06:23 PM, Watson Ladd wrote:
> On Thu, Jun 26, 2014 at 7:30 AM, Martin Rex <mrex@sap.com> wrote:
>> Joseph Salowey (jsalowey) wrote:
>>>
>>> 1.  In favor of removing renegotiation
>>> 2.  In favor of removing renegotiation with the addition of rekey facility
>>> 3.  Not in favor of removing renegotiation
>>
>>
>> (3) Leave it in the spec,  Make it a true option for implementors.
>>     with a guidance that clients might need it for interop, but should
>>     play safe (and nail down identities once they're established) by default
>>
>>
>> I never offered/exposed renegotiation at the API to application callers,
>> and since January 2010, I have the server-side reject renegotiation attempts
>> from clients.  But the installed base of _other_ servers that use
>> (or require) it is to large to be ignored, and I don't see it go away
>> that easily...
>>
>> Everything that you change from TLSv1.0/1/2 toward v1.3 will add complexity
>> and require more code.  This applies not just to adding new features, but
>> also to axing existing features that may be in current use.
>>
>> A TLSv1.3 spec that requires implementors to carefully avoid TLSv1.3 for
>> a number of commonly used TLSv1.0/1/2 features may be even harder to
>> sell than TLSv1.2 and IPv6.
> 
> I think this is an excellent point: unless we are making TLS 1.3 web
> only, and committing to supporting TLS 1.2 (including renegotation!)
> for
> a long time, we cannot ax this feature. As much as I dislike
> renegotiation, it may be that we need to include it as an optional
> feature if we want to replace TLS 1.2.

Are there any known non-HTTP users of renegotiation for client auth that
wouldn't work out of the box with unsolicited client auth during the
handshake?

The only compelling objection to removing renegotiation for client auth
that I heard was that it would be unfortunate for TLS 1.3 to only be
usable with an upgraded HTTP stack.  That's not a show-stopper, but it's
annoying.

Allowing delayed client authentication without a new handshake would
solve this problem, is cryptographically very simple*, but integrating
it into the protocol might be quite complicated.

* It would preclude using tricks like triple DH directly, though.

--Andy

v2.23.0 | Report a Bug | By Email