Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)DHE public values be fresh
Adam Langley <agl@imperialviolet.org> Mon, 09 January 2017 19:56 UTC
Return-Path: <alangley@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BD9E1295A1 for <tls@ietfa.amsl.com>; Mon, 9 Jan 2017 11:56:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E44YqbNEmcsl for <tls@ietfa.amsl.com>; Mon, 9 Jan 2017 11:55:58 -0800 (PST)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFB47129595 for <tls@ietf.org>; Mon, 9 Jan 2017 11:55:58 -0800 (PST)
Received: by mail-it0-x22d.google.com with SMTP id r185so31643568ita.0 for <tls@ietf.org>; Mon, 09 Jan 2017 11:55:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=aVDYrBC/faab/QWdFOIdespd5yJZzDr18TQch1COJ3Q=; b=VzFx16P4aVR7IhljIhqBbLE8nUTS09hRCyEYsbGRoTXpw/lfc81WWv5gPmLF7vpQKJ TYZCm2R0KBKDj5AV7p/NfppHpIzWedHLGvI7wgtChMaThIR18VCp4nQbMDWe3LDadMG9 7FAv47n2HEf1DoOQn3yHvQqkEnt2anRIq/2nRC3pFjWG8VZ+tA6/JotuhD8RO6ObEFDd YRfDntqaw+VJvW6da/Xl+OXEcsbchIx4GcEylWBJFl8kRtqnmuhMISLmjBJ5bHCN+gB1 uZkGhPSfWlbH1sEZPuaRXg2DXC2yBZaW9ddPiAUhopyOSxDfbCB5koicf55M/SEnDMl7 OLqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=aVDYrBC/faab/QWdFOIdespd5yJZzDr18TQch1COJ3Q=; b=c2IyuMNFi5nb+mHE4xZMjn1eJ22nmUtswtRyyxx4RT0AG5+Q/lLuk7Ogu/MNjIbJP8 xsDVG+m1ZVqFOhYt7sQCkpBLvyywp9u1sM0VCasuwm3RzzPLKlUHB3dUGd+kbEU+u45v SSSecIWltm/I6V/KjJsbjC0MM5Atdb9Hatrz59ptih8PEM2fzO6ZBG1s47t1Gr7c9pKV m/k+PZ2ywWXK/axa5IeCPlXmj9ieXTMzvadmEfjR3i4gZ3ffStppyeYWGYM4WWXl5q8J ITenJdzdV1heo8eDsMKil8EYmBwmXDLIiuk4b8KBaSc5elAc202iCD0MrLDwKxKcUT4c IJ9A==
X-Gm-Message-State: AIkVDXLuLpHSRxS4EoZ9XL4ujpSUSGSYLzwamuCw/DfQgAOsZzM3a6gFx+dSPt1Vxi+K16vefh0EgaireCPhUQ==
X-Received: by 10.36.178.74 with SMTP id h10mr10454833iti.82.1483991758003; Mon, 09 Jan 2017 11:55:58 -0800 (PST)
MIME-Version: 1.0
Sender: alangley@gmail.com
Received: by 10.36.27.136 with HTTP; Mon, 9 Jan 2017 11:55:57 -0800 (PST)
In-Reply-To: <CAMfhd9VgvMneT--VqgZ2VnwkbHuorE+ZMoYx_UnSu2QkPLaNmg@mail.gmail.com>
References: <CAMfhd9Urd1DWF9yhMdhvx1AcKyB4-E7Qy+tzqz_-1RpXR+Wp1w@mail.gmail.com> <CAFewVt44xm3rgm=n8PpEcqbTvC-Ei2EvoJciL=+m2UnQ-fUm2A@mail.gmail.com> <CAMfhd9Xq4RA6XBqLZtsbWSnMk4SnvZLC9V3_gCH-FzyVBMg4xg@mail.gmail.com> <CADi0yUPSkBhyuX7utW1tsVkkbDc6YgBLie41qWPwbo+X6CpuZA@mail.gmail.com> <1483330131409.25713@cs.auckland.ac.nz> <5542029D-293A-44F5-9A11-62F5C47A4BA5@gmail.com> <CABcZeBOa7rNSX-bZgQ4HS02XX0c_bMMfTMPfpmtxyq7DrnpmuA@mail.gmail.com> <071A0098-8E03-4DCB-AA3F-4AD9424C9493@gmail.com> <CAMfhd9VgvMneT--VqgZ2VnwkbHuorE+ZMoYx_UnSu2QkPLaNmg@mail.gmail.com>
From: Adam Langley <agl@imperialviolet.org>
Date: Mon, 09 Jan 2017 14:55:57 -0500
X-Google-Sender-Auth: mFx0ARobPbWoFIKWkGr9nr91neM
Message-ID: <CAMfhd9WkTued8WnHfJ8=My21UGngfKNANPcL04BohKTJ2F4z6Q@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mTHLwLiXgvP-HqsClMmUgHjopg4>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)DHE public values be fresh
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 19:56:00 -0000
On Mon, Jan 2, 2017 at 3:57 PM, Adam Langley <agl@imperialviolet.org> wrote: > I don't expect that those who want to intercept TLS connections will > see a MUST NOT and go do something else. Rather I think they should > understand that TLS isn't supposed to be intercepted and, if they want > to do that, then they're going to be breaking the spec in places. I > think they're going to do that no matter what we do so I want to > ensure that these "interceptable" implementations don't inadvertently > proliferate. (Because if everything Just Works when you accidentally > copy such a config to your frontend server, then it'll happen.) I had understood that the desire from some large institutions to intercept TLS connections arose only in a datacenter setting. However, based on private conversations, it appears that at-least one of those institutions does this on their public frontends and will very likely do something worse than persistent ECDHE if that's not possible with TLS 1.3. Thus the hope that we can detect and reject this configuration by default, and thus prevent unintended loss of forward security, without pushing people into implementing interception in a way that's even worse, appears to be gone. So I'm disappointingly now thinking that we should simply say that DH values "SHOULD NOT" be cached for more than 10 seconds. Something like SSLLabs can still warn when that's violated, but clients probably cannot enforce it without perverse consequences. Cheers AGL -- Adam Langley agl@imperialviolet.org https://www.imperialviolet.org
- Re: [TLS] Requiring that (EC)DHE public values be… Martin Rex
- [TLS] Requiring that (EC)DHE public values be fre… Adam Langley
- Re: [TLS] Requiring that (EC)DHE public values be… Stephen Farrell
- Re: [TLS] Requiring that (EC)DHE public values be… Eric Rescorla
- [TLS] cross-domain cache sharing and 0rtt (was: R… Stephen Farrell
- Re: [TLS] cross-domain cache sharing and 0rtt (wa… Eric Rescorla
- Re: [TLS] Requiring that (EC)DHE public values be… Adam Langley
- Re: [TLS] cross-domain cache sharing and 0rtt (wa… Adam Langley
- Re: [TLS] Requiring that (EC)DHE public values be… Brian Smith
- Re: [TLS] cross-domain cache sharing and 0rtt (wa… Ilari Liusvaara
- Re: [TLS] cross-domain cache sharing and 0rtt (wa… Richard Barnes
- Re: [TLS] cross-domain cache sharing and 0rtt Stephen Farrell
- Re: [TLS] cross-domain cache sharing and 0rtt Eric Rescorla
- Re: [TLS] cross-domain cache sharing and 0rtt Stephen Farrell
- Re: [TLS] cross-domain cache sharing and 0rtt Ilari Liusvaara
- Re: [TLS] cross-domain cache sharing and 0rtt Eric Rescorla
- Re: [TLS] cross-domain cache sharing and 0rtt Bill Frantz
- Re: [TLS] cross-domain cache sharing and 0rtt Stephen Farrell
- Re: [TLS] Requiring that (EC)DHE public values be… Scott Schmit
- Re: [TLS] Requiring that (EC)DHE public values be… Adam Langley
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Hugo Krawczyk
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Dan Brown
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Ilari Liusvaara
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Peter Gutmann
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Hugo Krawczyk
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Yoav Nir
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Eric Rescorla
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Ilari Liusvaara
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Eric Rescorla
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Yoav Nir
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Colm MacCárthaigh
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Adam Langley
- Re: [TLS] cross-domain cache sharing and 0rtt Benjamin Kaduk
- Re: [TLS] cross-domain cache sharing and 0rtt Ilari Liusvaara
- Re: [TLS] cross-domain cache sharing and 0rtt Martin Thomson
- Re: [TLS] cross-domain cache sharing and 0rtt Benjamin Kaduk
- Re: [TLS] cross-domain cache sharing and 0rtt Ilari Liusvaara
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Adam Langley
- Re: [TLS] [SUSPECTED URL!]Re: Requiring that (EC)… Kurt Roeckx