IETF Logo Mail Archive

Re: [TLS] Closing on 0-RTT

Mark Nottingham <mnot@mnot.net> Mon, 26 June 2017 22:15 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 228CE12EB77 for <tls@ietfa.amsl.com>; Mon, 26 Jun 2017 15:15:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=LsNmyJdT; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=byMZSQbX
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZAPxQzPsyCXa for <tls@ietfa.amsl.com>; Mon, 26 Jun 2017 15:15:43 -0700 (PDT)
Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 270DC12EB74 for <tls@ietf.org>; Mon, 26 Jun 2017 15:15:43 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id 84C7FE9F; Mon, 26 Jun 2017 18:15:42 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Mon, 26 Jun 2017 18:15:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=Uyig2aytbZwIq+5J5w MN1GTEELrGJEbH9qWSuc8OKts=; b=LsNmyJdTuxoMx79MigksoaCAkYAQq89L3w POIRxdhViOk5wd56D44dmQY2cVap0dCPbiarJVpq67aI80H1n1pAC+TUoQyCRNys Jy/tjTO/6fXxNkuVOWKxgAR4ZUtg1hJXdxyoy+Qx8wllDRMG6vzWTtkr7XTiH2ST at507WPLJceoILraPouzyXxuV3yZBetnEzNelN7IPqd9noEUx49g6Cyw4tG93UGo /dGdJC6XEod4G1I8808pY9nRQoblJTE5+lYqDJqg00t66YoNArPnUXPc1jfKQXm3 /27lKVkpBCmD7hcMW+XFCUW4P4lEt/+XOWZLV/jwhCM70eXTEAZw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=Uyig2aytbZwIq+5J5wMN1GTEELrGJEbH9qWSuc8OKts=; b=byMZSQbX yhDNABgbH94VgMTYs/I6DIQCJYpR7wFO8XodPGVL+J9srPVUNPXePBOopqnSv1tI MHBtT7suhgbMJ9uEKTWutOFvjqdx9B4DdpM/9K7vK6biS69eDdGpCoFjTml0Q0ts fD+IJMwyhVW8rPdpCvHrdTcA3h8YvHwq/vHg2Lerge+A/3r28cJvzjQ4kZChslJE ecHBu6yflNQdgylp2oNJFp2cI65OZwW0S/FKhS5RIIIbDdT90D/biFwdR8ni6Wn3 /OSy39o6mBB/TtmGQVyGAlpIXVP1E5BHvwiNNnVLVgCzkjB+rFo8E2zVcMWJ8tyu 9IOxH8X9HeiYog==
X-ME-Sender: <xms:jodRWQyniJwudnN4dJkZnHeSzZDWjs-kjpNxh917PEEJBZAwzvt_WA>
X-Sasl-enc: XnljYae3nlsKpxZXKVGsCFnd6kuvmFc8nolebzdnlcqR 1498515341
Received: from [192.168.1.18] (cpe-124-188-19-231.hdbq1.win.bigpond.net.au [124.188.19.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 0EEC17E263; Mon, 26 Jun 2017 18:15:40 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAAF6GDeGZVft6ZHtTHYKOdzBeU_LJ8JN2qsT4uG1f0GHc09m6Q@mail.gmail.com>
Date: Tue, 27 Jun 2017 08:15:38 +1000
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <AC1C185F-4E9B-41FA-9EDE-C39DF0FBC2CC@mnot.net>
References: <CABcZeBNLo51y4-MYS6NTQn9OWg5jTYYpwxn1fiKKNL5bWA37TA@mail.gmail.com> <20170613113232.GC8983@LK-Perkele-V2.elisa-laajakaista.fi> <CAH9QtQG0uk+eUozJxxMRwvcROO7x5FhKd5zDbwpCKuXj9zrecQ@mail.gmail.com> <20170613205113.GA13223@LK-Perkele-V2.elisa-laajakaista.fi> <CAH9QtQFez=tUVJOd7ztBaWFtVs5dAAojg8JrixGqjwqN5go+8A@mail.gmail.com> <20170614174531.GA17930@LK-Perkele-V2.elisa-laajakaista.fi> <CAOgPGoAmo1p9BwfxyeA=iWbOpVtbxJsVpdN0TzVuV=bVyFiWEA@mail.gmail.com> <CABcZeBPw94Pn9J2LDLBSijs+aZhhOsTiGKHj0wgBq0Ev8kf=xA@mail.gmail.com> <20170624052727.26n4spscu77nlnlw@LK-Perkele-VII> <CABcZeBNSVu3BA=Zv8qH2QOzbu1xDcq_+3E6yBL==fg1uQ3K5vw@mail.gmail.com> <20170626064320.aguxkeikwdfhpnk5@LK-Perkele-VII> <CAAF6GDeGZVft6ZHtTHYKOdzBeU_LJ8JN2qsT4uG1f0GHc09m6Q@mail.gmail.com>
To: Colm MacCárthaigh <colm@allcosts.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lm9MDZKf-JUECbysZRaV74Pv9mE>
Subject: Re: [TLS] Closing on 0-RTT
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 22:15:46 -0000

> On 27 Jun 2017, at 3:25 am, Colm MacCárthaigh <colm@allcosts.net> wrote:
> 
> 
> 
> On Sun, Jun 25, 2017 at 11:43 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> I understood that the cache probing attack requires much less replays
> than the other side-channel ones. And furthermore, distributing the
> replays among zones makes the attack easier (because replay with the
> cached data hot doesn't tell that much).
> 
> In practice with real world HTTP caches, one replay is often sufficient. That's because in addition to the faster load time you can look at the cache headers (like max-age)

I think you mean Age. 

> to pinpoint that it was the replay that put the item in the cache. This would work with DNS too, where TTL or RRSET cycling leaks more information in the same way.  
> 
> Using more zones does help, and if the attacker were targeting a busy cache, then it can certainly help to weed out the noise and increase the likelihood of finding a zone/node where the cache is empty to begin with. 

Cheers,


--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email