IETF Logo Mail Archive

Re: [TLS] extending the un-authenticated DTLS header

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 16 November 2016 01:59 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 415EA129616 for <tls@ietfa.amsl.com>; Tue, 15 Nov 2016 17:59:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fO5P7XcRssAt for <tls@ietfa.amsl.com>; Tue, 15 Nov 2016 17:59:34 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0074.outbound.protection.outlook.com [104.47.1.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB9A012964E for <tls@ietf.org>; Tue, 15 Nov 2016 17:59:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kyyU8n2qR7TfpXu2ca6QOsMvBN2N+GusnaXEqel6nLM=; b=BJe+FADH2jkkStnfB0XNATt76z9QSyRF68yWHmWpYT7oEPDbGcFzYB/I3BTTKNeckUvve2R/52d5p2xS6C3kQKGRdTtOviGAFWUQaszfPu6j/Sptixg0U7knrsTMJVTYCc+DvJQ0WVhuy19WzsrkRBKeBndp7ngaZMB6dqfrrew=
Received: from HE1PR0802MB2475.eurprd08.prod.outlook.com (10.175.34.148) by HE1PR0802MB2475.eurprd08.prod.outlook.com (10.175.34.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.734.8; Wed, 16 Nov 2016 01:59:27 +0000
Received: from HE1PR0802MB2475.eurprd08.prod.outlook.com ([10.175.34.148]) by HE1PR0802MB2475.eurprd08.prod.outlook.com ([10.175.34.148]) with mapi id 15.01.0734.007; Wed, 16 Nov 2016 01:59:27 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Eric Rescorla <ekr@rtfm.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [TLS] extending the un-authenticated DTLS header
Thread-Index: AQHSPnbTzGwhOuy3n0OG26ZgyhjKBKDZPRuAgAABu4CAAZ2qQA==
Date: Wed, 16 Nov 2016 01:59:27 +0000
Message-ID: <HE1PR0802MB2475780DD8B4516827AF0BF9FABE0@HE1PR0802MB2475.eurprd08.prod.outlook.com>
References: <1479128315.2624.62.camel@redhat.com> <058f1681-9ecf-22db-1b88-2313491c7b72@cs.tcd.ie> <CABcZeBNGFGx60gjp41YV8a9G0GOPfbdhAQuzqpBrFjRq6WnogA@mail.gmail.com>
In-Reply-To: <CABcZeBNGFGx60gjp41YV8a9G0GOPfbdhAQuzqpBrFjRq6WnogA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [31.133.133.129]
x-microsoft-exchange-diagnostics: 1; HE1PR0802MB2475; 7:BArDpNrxDWpAFCkm5m8vy/YwrFGVvKcTzFmnYDgxcv0PjEoAnBTGNKQlTmLUaYT2huCvo6shdwWde/wuOT6bZaChPUpfkxLyVnL+nUV19n0MtNhdl9UjGOOIWT4VyByv1MSr1DYDvEfu0LZZNCnDYQhTTCy0VEfNIrx12HMUwr2YXQSVwpCiaKwued26Nf/h0UexZii9//DQs6wnGgTFYKy4/dYAhh0Dy0WYicfXVhx4rnv6zlotJl/2ZDhhc1LxzrNHAgsdakZuP7erHHsiJuvDq6p0JnypX39QhWBr7cMom1KwBSi8yOhUcxTef7L9uGCkl0vLBBYGd5Zuj7gX123l6R3qe1FszDvwnajlm8g=
x-ms-office365-filtering-correlation-id: 787c9d24-d6ae-4553-23e3-08d40dc43228
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001); SRVR:HE1PR0802MB2475;
x-microsoft-antispam-prvs: <HE1PR0802MB2475BEEA6B8E08411457F095FABE0@HE1PR0802MB2475.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6060326)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6061324)(6072148); SRVR:HE1PR0802MB2475; BCL:0; PCL:0; RULEID:; SRVR:HE1PR0802MB2475;
x-forefront-prvs: 01283822F8
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(199003)(40434004)(189002)(86362001)(66066001)(101416001)(106116001)(106356001)(68736007)(105586002)(5001770100001)(6506003)(8676002)(189998001)(122556002)(97736004)(6116002)(7696004)(790700001)(102836003)(3846002)(2950100002)(3660700001)(76176999)(5890100001)(33656002)(81166006)(9686002)(74316002)(8936002)(4326007)(3280700002)(76576001)(7736002)(7846002)(92566002)(5660300001)(229853002)(2900100001)(54356999)(77096005)(50986999)(87936001)(2906002)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0802MB2475; H:HE1PR0802MB2475.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_HE1PR0802MB2475780DD8B4516827AF0BF9FABE0HE1PR0802MB2475_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2016 01:59:27.0513 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0802MB2475
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/n260Td4SuQbn1Ryo05JQxKE3Bx0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] extending the un-authenticated DTLS header
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 01:59:35 -0000

Ø  I'd be interested in an analysis of the potential privacy
impacts of this. Isn't this more or less the same as doing
SPUD-for-DTLS? (If not, sorry for dragging in controversy:-)

I don’t know SPUD but I see this work providing the same functionality as the Security Parameter Index (SPI) in the IPsec ESP RFC.
So far, I have not heard terrible concerns about the privacy properties of IPsec ESP.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email