[TLS] Re: Disallowing reuse of ephemeral keys

Loganaden Velvindron <loganaden@gmail.com> Fri, 13 December 2024 12:39 UTC

On Thu, 12 Dec 2024 at 21:37, Joseph Salowey <joe@salowey.net> wrote:
>
> Currently RFC 8446 (and RFC8446bis) do not forbid the reuse of ephemeral keys.  This was the consensus of the working group during the development of TLS 1.3.  There has been more recent discussion on the list to forbid reuse for ML-KEM/hybrid key exchange.  There are several possible options here:
>
>
> 1. Keep things as they are (i.e. say nothing, as was done in previous TLS versions, to forbid the reuse of ephemeral keys) - this is the default action if there is no consensus
>
> 2. Disallow reuse for specific ciphersuites.  It doesn’t appear that there is any real difference in this matter between MLKEM/hybrids and ECDH here except that there are many more ECDH implementations (some of which may reuse a keyshare)
>
> 3. Update 8446 to disallow reuse of ephemeral keyshares in general.  This could be done by revising RFC 8446bis or with a separate document that updates RFC 8446/bis
>
>

I would favour option 3.