[TLS] Earlier exporters

Eric Rescorla <ekr@rtfm.com> Fri, 07 October 2016 15:11 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AECD112965A for <tls@ietfa.amsl.com>; Fri, 7 Oct 2016 08:11:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RxNSUg2r_X9F for <tls@ietfa.amsl.com>; Fri, 7 Oct 2016 08:11:31 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01EE9129635 for <tls@ietf.org>; Fri, 7 Oct 2016 08:11:31 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id u124so33867089ywg.3 for <tls@ietf.org>; Fri, 07 Oct 2016 08:11:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=D1LzwZCdJiNhD7b0b3hu8hmXI7p8Iko09aOlxKEOy3M=; b=zfC9hioZz9kDvd1tDjZxuxXhuVLGqA9vx59kVgisz0fyhgnHasy+z6Qg7MEmm3YIIY Y11bCh9kEPx1fT0rgD5+8+4wkIfXAlL+P4X3cEbaAal00jJzodzoCaOoBapAhi0AeunB e7A7VZ3QM9Ea5sKH1istsZDWK8p530O1mPd6WeX/Kw88DepOOOLUwVl7GnDf8zrcRAVV jjay/t+SQLY8bQU5UvDQp96z6uEJyABwUcB3nnDSJJZqAXwT4V1SuSYhHbhx+6iJfsNX 3Q/HRTluvYkB4u9tUjeqlpwXCFwzAfFFyqLfEZ7GK4ITt5HZ4d2Uj4km/j0vDBT3X1aq edBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=D1LzwZCdJiNhD7b0b3hu8hmXI7p8Iko09aOlxKEOy3M=; b=inMl+uKyPcpVoHQ7n6QcgADd/h6RTkUdrBPl4IIMbKmUo5ChlBhaNaWohhgycwaOoa Zi9d/FUUrt5V+Vh4Y5H2FKbodG9D5/0CNpiw2+avoLb1Fl7v4DjuyuFaFoKwNVPXog+7 hqL2iJ7XKaNTl5I1u7ZRrF9BPqXhoESNkR12WUhSQICbuMYbAJx8GJr43PWUkz71GmGc OX0+3EVSuGBgveSRGATN7dpnqTw8monYAr0aswHt35AyHVd/sKzXnQolRq3KwlbZdgcl K0oF0d74LlPXku+hu/lUOwm8E+yA093GpaWusJvDNETmXAh/YhJPnfDHVaGPS7C+4b48 FojA==
X-Gm-Message-State: AA6/9RkLgleyaRfcn/hK9O3fb9FyfCzynHeOboge8HJxym0wLyThwEJn7UVLn74shFlZRg5UFpVL+n8iIICFeg==
X-Received: by 10.129.83.193 with SMTP id h184mr16013630ywb.52.1475853089988; Fri, 07 Oct 2016 08:11:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.212 with HTTP; Fri, 7 Oct 2016 08:10:49 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 07 Oct 2016 08:10:49 -0700
Message-ID: <CABcZeBOBmeEW+Ty5W68giBg5MZC11QR9oxMP00CD5zStb2=0fg@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a114d6f1c2bd07a053e47d358"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/l39CKcWMKvI2USahR7Ai6J7DhQA>
Subject: [TLS] Earlier exporters
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2016 15:11:33 -0000

Please see the following PR:
  https://github.com/tlswg/tls13-spec/pull/673

This includes various changes to make exporters/resumption work better.

Basically:
1. Add a 0-RTT exporter and change the transcript for the regular exporter
so it
    only includes the transcript up to ServerFinished. This gives it parity
with the
    rest of the traffic keys. If we need an exporter with the full
transcript we can
    always add it later

2. Point out that you can predict ClientFinished for NST when not doing
    Client auth. This lets you issue tickets on the server's first flight,
while still
    ensuring that if you do client auth you still bind resumption to the
client's
    full transcript.

These are pretty straightforward changes, so absent objections I'll merge
them early next week.

-Ekr