Re: [TLS] Unifying tickets and sessions
David Leon Gil <coruus@gmail.com> Wed, 22 October 2014 14:28 UTC
Return-Path: <coruus@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB3E31ACCE3 for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 07:28:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rPFkmLZJlvPQ for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 07:28:11 -0700 (PDT)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 039881ACCDF for <tls@ietf.org>; Wed, 22 Oct 2014 07:27:55 -0700 (PDT)
Received: by mail-lb0-f170.google.com with SMTP id u10so2974610lbd.15 for <tls@ietf.org>; Wed, 22 Oct 2014 07:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=y17wkwrL4WToBRKXy8yAp3ZbueBybKyx8PMmplrAZ6U=; b=pmll8Wt4ndhWcA9RbPPlhQJI//qIwlKKyQYiUjpFMq94HNWgYVFUiRb6Y7ysVweUlo BsqLtVvIQ2It7bLMn/FAEqAvqo93Jdw2T2ZkTTw8MxEz6qTKsXPE2ziU1v9nk0267bKI d8yUdshyUGZsRtvK+1Q9e5nMMLis+TDbUv97l9iTjWl5fTtSwicgxDF9Zwh7r/niRVSi 7qeIHpE7Ka6I7vsymoWmXSbCMqB2mvhwcv003kQJehDqz4J/BkVCOuWh3GLIkOBPb7Mv GyS9rjT9snxTjL/Xhcyjhv2Y+sygw59bcFAhTzzIv1LSOiJ8Zg+JBzXgZVBAB2nsnoJD ns1w==
X-Received: by 10.112.11.201 with SMTP id s9mr23735757lbb.79.1413988074193; Wed, 22 Oct 2014 07:27:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.25.218.145 with HTTP; Wed, 22 Oct 2014 07:27:32 -0700 (PDT)
In-Reply-To: <1659862.HPNNz8lRhl@pintsize.usersys.redhat.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <544606E5.2070807@fussenegger.info> <CAA7UWsVmxAmBtdCvpE_+c2e7brJNkPrQ5_69FDXzy2csg6EsyA@mail.gmail.com> <1659862.HPNNz8lRhl@pintsize.usersys.redhat.com>
From: David Leon Gil <coruus@gmail.com>
Date: Wed, 22 Oct 2014 10:27:32 -0400
Message-ID: <CAA7UWsUbxDyh_yxn2t+tghHhLOhuBH+SqiLELJRFq9g=w=OAXw@mail.gmail.com>
To: Hubert Kario <hkario@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lG2QyHDvLOvuV_NoRWS2WOYkvCA
Cc: tls@ietf.org
Subject: Re: [TLS] Unifying tickets and sessions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 14:28:14 -0000
There are, obviously, two things a server should be able to use for a unified session id/ticket: - An opaque identifier - Encrypted session state using a construction like RFC 5077's. Right now, RFC 5077 recommends: AES-128 with a 128-bit key and HMAC-SHA256 with a 256-bit key. Or, uselessly high 256-bit security against active attackers, and uselessly low 128-bit security strength against global passive adversaries. There should be a recommended session ticket construction at a 256 bit security strength for privacy to replace RFC 5077 s.4's. -- On Wed, Oct 22, 2014 at 8:56 AM, Hubert Kario <hkario@redhat.com> wrote: > That assumes that you have the space to store all those communications, I frankly don't understand this. According to the newspapers, at least, the NSA *does* store *all* encrypted communications pending eventual decryption. So evidently they do, at least. > then you need to have the ability to reference all those 2^50 keys in close to real time. This is a few petabytes of data, or a few thousand 1 TB SSDs. This is not a large amount of data. > Yes, it doesn't require "hard" computation, but it does require massive > amounts of relatively fast memory. No. It doesn't. It requires less than one cipher block per key for most of the computation. (The main expense is memory bandwidth.) > It's a classic memory-time tradeoff, isn't it? No. The gains are better than linear. See http://cr.yp.to/snuffle/bruteforce-20050425.pdf, but for "circuit" read "graphics card/SPU/MIC".
- [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Douglas Stebila
- Re: [TLS] Unifying tickets and sessions Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Stephen Checkoway
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Joseph Salowey
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions David Leon Gil