Re: [TLS] Remove EncryptedExtensions from 0-RTT

Ilari Liusvaara <ilariliusvaara@welho.com> Sun, 26 June 2016 16:34 UTC

Date: Sun, 26 Jun 2016 19:34:16 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Subodh Iyengar <subodh@fb.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mYF-cnIokugueaEYaDOQA5EjXh4>
Cc: "tls@ietf.org" <tls@ietf.org>

On Sun, Jun 26, 2016 at 05:34:04AM +0000, Subodh Iyengar wrote:
> Was there a compelling reason to not just put the ticket age in the
> clear in the CHLO field as @davidben alluded to before? It seems to
> make it much simpler in general.

Unfortunately, just putting it in plain allows correlating sessions.

That's the reason it is XOR'd currently, but the XOR probably will
be changed to ADD32 to break correlation-to-parent (which is really
nasty privacy-wise) in case of ticket reuse.

> With support for multiple tickets the server could issue multiple
> tickets at different times to make time correlation more difficult.
> The ticket seems to be a more definitive identifier of the user
> than the time.

There is already support for that. But without fudging the times,
correlation is still possible.


-Ilari
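
An added illustration, not part of the original message or of the TLS draft text: what two uses of the same ticket expose on the wire when the age is masked with XOR versus ADD32. It reads "correlation-to-parent" as narrowing the ticket's true age (and so its issue time in the parent session), and assumes a fixed 32-bit per-ticket mask and millisecond ages; all function names, the mask value and the small search bound are constructed for the example.

```python
# Added illustration with constructed values; not code from the TLS draft.
MASK32 = 0xFFFFFFFF
MAX_AGE_MS = 1 << 20   # constructed search bound (~17 minutes) to keep the demo fast

def obfuscate_xor(age_ms, mask):
    """Ticket age masked with XOR, as the message describes the current scheme."""
    return (age_ms ^ mask) & MASK32

def obfuscate_add32(age_ms, mask):
    """Ticket age masked by addition modulo 2^32 (the ADD32 proposal)."""
    return (age_ms + mask) & MASK32

# What two uses of the SAME ticket (same mask) expose once the mask cancels.
def view_xor(o1, o2):
    return o1 ^ o2                 # equals age1 ^ age2

def view_add32(o1, o2):
    return (o2 - o1) & MASK32      # equals age2 - age1, i.e. elapsed time only

def consistent_ages(view, combine, elapsed_ms, max_age_ms=MAX_AGE_MS):
    """Ages at first use that agree with the on-wire view, given the elapsed
    wall-clock time between the two uses (measurable by any observer)."""
    return [a for a in range(max_age_ms)
            if combine(a, a + elapsed_ms) == view]

def compare(age1_ms, elapsed_ms, mask):
    """Return (candidates under XOR, candidates under ADD32) for one reuse."""
    age2_ms = age1_ms + elapsed_ms
    vx = view_xor(obfuscate_xor(age1_ms, mask), obfuscate_xor(age2_ms, mask))
    va = view_add32(obfuscate_add32(age1_ms, mask),
                    obfuscate_add32(age2_ms, mask))
    xor_c = consistent_ages(vx, lambda a, b: a ^ b, elapsed_ms)
    add_c = consistent_ages(va, lambda a, b: (b - a) & MASK32, elapsed_ms)
    return xor_c, add_c

if __name__ == "__main__":
    # Constructed sample: ticket first used at 123.456 s of age, reused 5 s later.
    xor_c, add_c = compare(age1_ms=123_456, elapsed_ms=5_000, mask=0xDEADBEEF)
    print(f"XOR:   {len(xor_c)} of {MAX_AGE_MS} ages remain possible")
    print(f"ADD32: {len(add_c)} of {MAX_AGE_MS} ages remain possible")
```

Under XOR the carry pattern of `age + elapsed` leaks through `age1 ^ age2`, pinning several bits of the true age; under ADD32 the difference is just the elapsed time, so every age stays equally possible.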