Re: [TLS] WGLC for draft-ietf-tls-cached-info-19

Martin Thomson <martin.thomson@gmail.com> Tue, 15 September 2015 21:50 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/miwCgAutkOa1J4G-tpRe7k9WDOs>

On 15 September 2015 at 13:29, Eric Rescorla <ekr@rtfm.com> wrote:
> Sorry it's taken me so long to respond, but I'm not convinced that it's not
> necessary to have a secure digest here. Do you have a security analysis that
> demonstrates that that's the case?

Do you want one?  I guess that I could adapt one of the existing 1.3
models to remove the certificate (and assume some out-of-band
mechanism for moving the certificate around).

That said, Hannes' argument is pretty straightforward:
  I separately learn that a public key is bound to a particular
    identity (X.509 provides this binding, not TLS)
  The TLS connection is authenticated based on proof of possession of
    the corresponding private key.

In short:
  Identity <--[X.509]--> 1 public key
  1 public key <--[TLS]--> 1 TLS session