IETF Logo Mail Archive

Re: [TLS] Call for Consensus on removal of renegotiation

Yoav Nir <ynir.ietf@gmail.com> Wed, 25 June 2014 21:06 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D804D1A050E for <tls@ietfa.amsl.com>; Wed, 25 Jun 2014 14:06:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5lroDfOhTsPw for <tls@ietfa.amsl.com>; Wed, 25 Jun 2014 14:06:19 -0700 (PDT)
Received: from mail-we0-x231.google.com (mail-we0-x231.google.com [IPv6:2a00:1450:400c:c03::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E221A046A for <tls@ietf.org>; Wed, 25 Jun 2014 14:06:18 -0700 (PDT)
Received: by mail-we0-f177.google.com with SMTP id u56so2607517wes.36 for <tls@ietf.org>; Wed, 25 Jun 2014 14:06:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=QPN0QEo7YTzIc6C/yuckhCgFcZMPSlc1gSLOS+kSjOc=; b=RWfS+xL+0U/e/L8+HY5aiq79MKI/FMQKcQtn6zWizzR285q4W0ORqEaaSgpukR7Zkl hsQSE7Ep0o75j2BTeyIfmiATt4LU+fbJRMkFD/dbo4mQVFi2aMSChtiYLlGiJ3UP9Tq1 vGXS+FWEDmqebqPSnZdMsu+O9dzJH2uPZYLIAFv/8ZqzHhKLeFmZ0qF2lmu/O1qtWeij hUxOU5CDD/+6EKwPo2UYQFpDVTmOxtBtidZGkPLDun7gcb3yb9FWQhN1h6Wvdr9VzYhu rKutxFSgTGM4pbf2Wfh4oA24lbjUuIrs0DIva2I9rkTrtA6PmRPyCH8lp4zN9yFra2o7 ClHg==
X-Received: by 10.194.186.178 with SMTP id fl18mr12249509wjc.83.1403730376156; Wed, 25 Jun 2014 14:06:16 -0700 (PDT)
Received: from [192.168.1.104] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id ft20sm16355749wic.14.2014.06.25.14.06.15 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 25 Jun 2014 14:06:15 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C71854BEF1A5@USMBX1.msg.corp.akamai.com>
Date: Thu, 26 Jun 2014 00:06:11 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <3E3ED127-E1DE-469A-A322-8B14856CFEE9@gmail.com>
References: <44DA5A30-015D-40F3-90CA-F15076891BBC@cisco.com> <53AB192F.2040001@fifthhorseman.net> <CAAF6GDdkkuB=Eko55vqaPS9Krc0XmiQk0vo2c_q5n6kydpkYuQ@mail.gmail.com> <B18B3440-8CBF-4B04-B792-F81FBF0CE8AC@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C71854BEF192@USMBX1.msg.corp.akamai.com> <6B247363-E6E2-4A81-92D8-FE2F02C14227@gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C71854BEF1A5@USMBX1.msg.corp.akamai.com>
To: Rich Salz <rsalz@akamai.com>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/jWS-hMcWeSjE7Rf8ox6buBOPccs
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Call for Consensus on removal of renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jun 2014 21:06:21 -0000

On Jun 25, 2014, at 11:52 PM, Salz, Rich <rsalz@akamai.com> wrote:

>> If that application ever ran enough traffic that renegotiation for rekeying was
>> needed, upgrading to the next OpenSSL that includes TLS 1.3 would not be as
>> smooth.
> 
> Unless that next OpenSSL knew enough to do the re-key work. Hm. This would argue that Martin's approach is probably less disruptive than my preferred approach.

Even if OpenSSL knows enough to start a new connection, the application needs to be able to bind the old connection to the new, unless we add some kind of session management to TLS. But that would trade new complexity for old complexity, so I don’t think we want that.


>> BTW: This discussion is totally missing the other use of renegotiation - to
>> move from server-authenticated to mutually-authenticated. Unless that
>> need is addressed (by some mechanism), I can't support removing
>> renegotiation.
> 
> I believe the consensus is to adopt http://datatracker.ietf.org/doc/draft-thomson-tls-care/ which I prefer to think of as "do have any idea who I am”

I must have missed when they called consensus on that. In that case, I’m with the “remove it entirely (1)” camp. We use 128-bit ciphers today. Even with CBC, you will replace the client and the server long before you’ve encrypted so much that you need to rekey.  Periodic rekeying is something that auditors like, but is very rarely needed in HTTPS, SMTP and the like. I’m fine with forcing the few applications that need to to adapt.

Yoav

v2.23.0 | Report a Bug | By Email