Re: [TLS] Fwd: New Version Notification for draft-tiloca-tls-dos-handshake-00.txt

Eric Rescorla <ekr@rtfm.com> Sun, 09 July 2017 20:12 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 9 Jul 2017 13:11:45 -0700
Message-ID: <CABcZeBNQUKAHSpLgTexDOArFe4zjJVgeRwYnGUP2TeggbYo0rw@mail.gmail.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: Marco Tiloca <marco.tiloca@ri.se>, "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mLLHvLb0dRzGELDtx8QKUpesuNw>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Sun, Jul 9, 2017 at 9:34 AM, Benjamin Kaduk <bkaduk@akamai.com> wrote:

> On 07/09/2017 08:33 AM, Eric Rescorla wrote:
>
>> Also, it considers Section 7.4.1.4 of RFC 5246, i.e. the same extensions
>> SHOULD be included in case of request for session resumption.
>>
>> This also led to the design in the draft (i.e., the HMAC computed by the
>> client and the provisioning of a session key K_S), so that the client does
>> not require to contact the TA again in case of intended session resumption.
>>
>
> It seems like if this is really important, the TA could just give the
> client some small number of tokens on initial contact.
>
>
> I wonder if the desired properties could be obtained by having the TA be a
> Kerberos KDC that only issues [Kerberos tickets targeting the TLS server's
> Kerberos principal] to [Kerberos clients that are authorized to speak TLS
> to the TLS server].  Then the TLS extension could just hold a Kerberos
> authenticator that binds to the client random and the client can reuse the
> Kerberos ticket until it expires.
>

It's actually not clear to me why this needs to be bound to the CH at all,
for the reasons I indicated in my review....

-Ekr


> -Ben