Re: [TLS] Connection ID Draft
"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Wed, 18 October 2017 06:43 UTC
From: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>, Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Connection ID Draft
Date: Wed, 18 Oct 2017 06:43:52 +0000
Message-ID: <12771800-934C-4542-9F26-2E07B2C8D684@nokia.com>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com> <1507875665.3178.19.camel@redhat.com>
In-Reply-To: <1507875665.3178.19.camel@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/l6OylBJCD7Nv392Ay8SKyFGmAPY>
Subject: Re: [TLS] Connection ID Draft
Hi Nikos,

On 13/10/2017, 07:21, "TLS on behalf of Nikos Mavrogiannopoulos" <tls-bounces@ietf.org on behalf of nmav@redhat.com> wrote:

> Another worrying feature is that the client can make the server send
> up to 255 verbatim bytes on the wire of his choice. Why was this
> feature added? Are there use cases related with it (intro doesn't
> mention any), or it was only thought as a make it as generic as
> possible approach? If it is the latter, I'd recommend to provide a
> simple approach that covers the described use cases.
>
> The same argument applies to the server being able to set such a long
> sequence of verbatim bytes to each of the client packets.

I'd like to get a better understanding of your concern here. Is it size? Or is it that it creates a potential sub-channel for sending identifying information?

If the latter, it doesn't look much different from Random (except it's larger)? And then it gets hashed in the Finished message, so the room for a third party to fiddle with it seems really limited.

Exactly what risk do you foresee?
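As an added illustration of the point about the Finished hash (example code written for this page, not from the draft or from any TLS implementation): a DTLS 1.2-style transcript carrying a connection_id extension, showing that any change to the CID bytes between client and server changes the client's Finished verify_data, so the server's check of that value fails. The extension codepoint, master secret and handshake message bytes are constructed placeholders; the Finished computation follows the TLS 1.2 PRF with SHA-256.

```python
import hashlib
import hmac
import struct

# The 2017 draft had no assigned codepoint for connection_id; this value is a
# placeholder chosen for the example, not the real extension type.
EXT_CONNECTION_ID_PLACEHOLDER = 0xFFFE


def encode_connection_id_extension(cid: bytes) -> bytes:
    """Encode the draft's connection_id extension body: opaque cid<0..2^8-1>."""
    if len(cid) > 255:
        raise ValueError("connection id is limited to 255 bytes")
    body = struct.pack("!B", len(cid)) + cid
    return struct.pack("!HH", EXT_CONNECTION_ID_PLACEHOLDER, len(body)) + body


def decode_connection_id_extension(ext: bytes) -> bytes:
    """Parse the extension back, checking that both length fields agree."""
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    if ext_type != EXT_CONNECTION_ID_PLACEHOLDER or ext_len != len(ext) - 4:
        raise ValueError("not a well-formed connection_id extension")
    cid_len = ext[4]
    if cid_len != ext_len - 1:
        raise ValueError("cid length does not match extension length")
    return ext[5:5 + cid_len]


def finished_verify_data(master_secret: bytes, label: bytes, transcript: list) -> bytes:
    """TLS 1.2 Finished: PRF(master_secret, label, SHA-256(handshake_messages))[:12].
    verify_data is 12 bytes, so a single P_SHA256 round is enough."""
    seed = label + hashlib.sha256(b"".join(transcript)).digest()
    a1 = hmac.new(master_secret, seed, hashlib.sha256).digest()
    return hmac.new(master_secret, a1 + seed, hashlib.sha256).digest()[:12]


def cid_tampering_detected(cid: bytes, cid_as_received: bytes) -> bool:
    """Constructed handshake: the client hashes the extension it sent, the
    server hashes the extension it received. If the CID bytes were altered in
    flight, the two Finished values disagree and the handshake fails."""
    master_secret = b"constructed-master-secret-for-example-only"  # constructed
    client_hello = b"\x01" + encode_connection_id_extension(cid)
    server_view = b"\x01" + encode_connection_id_extension(cid_as_received)
    rest = [b"\x02constructed-ServerHello", b"\x10constructed-ClientKeyExchange"]
    client_fin = finished_verify_data(master_secret, b"client finished", [client_hello] + rest)
    server_expect = finished_verify_data(master_secret, b"client finished", [server_view] + rest)
    return not hmac.compare_digest(client_fin, server_expect)
```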