Re: [TLS] Remove 0-RTT client auth
Andrei Popov <Andrei.Popov@microsoft.com> Sun, 21 February 2016 23:59 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 278B71ACE5C for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 15:59:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rtr_F7NzeKSY for <tls@ietfa.amsl.com>; Sun, 21 Feb 2016 15:59:09 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0753.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::753]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1B681ACE38 for <tls@ietf.org>; Sun, 21 Feb 2016 15:59:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uP+Z+1phvKXQmR77tMUe1khl4ykbybuhxPmVLN/sd9g=; b=H26bb/Co+Sd6vl/2EIbxsNSivghtCxgZSCC6jiMetP07OMUKPKVbnEWnVWjmDiu7aviN9WAo2SNNq+F+Np9Oock6K2i/fcrOjh8IKrRAbQHGY5OEMTdLNVE+C031eHfPS9D+2eKM28P6uZM+1PrbzkgkIdIhEjEF4oZBaC3XaO4=
Received: from BLUPR03MB1396.namprd03.prod.outlook.com (10.163.81.142) by BLUPR03MB1395.namprd03.prod.outlook.com (10.163.81.141) with Microsoft SMTP Server (TLS) id 15.1.409.15; Sun, 21 Feb 2016 23:58:52 +0000
Received: from BLUPR03MB1396.namprd03.prod.outlook.com ([10.163.81.142]) by BLUPR03MB1396.namprd03.prod.outlook.com ([10.163.81.142]) with mapi id 15.01.0409.024; Sun, 21 Feb 2016 23:58:52 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [TLS] Remove 0-RTT client auth
Thread-Index: AQHRbN5zI6wtdPUSskemUdPtdNKkhZ825MAAgABIwjA=
Date: Sun, 21 Feb 2016 23:58:51 +0000
Message-ID: <BLUPR03MB13969A66CED53C71975A9D468CA20@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CABkgnnWy3anGeLZ2a=EH+O2f4PnScJPGdBdEOkA7EmE+jgZ1pg@mail.gmail.com> <CABcZeBNnSozZvs78tcCTff+_5X23i6TnHTBLgq-mHJaCs=QkKA@mail.gmail.com>
In-Reply-To: <CABcZeBNnSozZvs78tcCTff+_5X23i6TnHTBLgq-mHJaCs=QkKA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2001:4898:80e8::1d2]
x-ms-office365-filtering-correlation-id: a0f288f0-4fed-40ea-bfa9-08d33b1af2eb
x-microsoft-exchange-diagnostics: 1; BLUPR03MB1395; 5:dPA7klbhryLgmW8+hWQ7T4UHMqEcCdJ8XkDddajuq/wE18KRmmz8i0IE3ZZTP//xl9rAG2gXdEOEr9wS/KvRRNcCmGqBxsX7V7dw9W7iTFev3V+7HYiU18eVRMDfOXr9LHF4epfKIFerY/gAySH1PA==; 24:H9fqB4OmcTGpLGN2CqBvtqyBmUNlCy+4Br7t2HQgG5XlKlcGS+n30fkBq7pE2v+t1A3D8gZwrZfvp5Q3kGp0Jnu/NZjAke9DOARDaiMbkA8=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR03MB1395;
x-microsoft-antispam-prvs: <BLUPR03MB139596BE2D1DD9508428160C8CA20@BLUPR03MB1395.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:BLUPR03MB1395; BCL:0; PCL:0; RULEID:; SRVR:BLUPR03MB1395;
x-forefront-prvs: 085956473E
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(377454003)(24454002)(5001770100001)(33656002)(19625215002)(76176999)(5001960100002)(54356999)(50986999)(16236675004)(2900100001)(2950100001)(77096005)(106116001)(15975445007)(99286002)(76576001)(86362001)(8990500004)(19300405004)(19617315012)(10400500002)(10290500002)(87936001)(5004730100002)(5005710100001)(2906002)(3660700001)(3280700002)(10090500001)(5003600100002)(92566002)(5008740100001)(11100500001)(586003)(74316001)(790700001)(6116002)(102836003)(1096002)(1220700001)(122556002)(5002640100001)(40100003)(189998001)(19580405001)(19580395003)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR03MB1395; H:BLUPR03MB1396.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BLUPR03MB13969A66CED53C71975A9D468CA20BLUPR03MB1396namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2016 23:58:51.6971 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR03MB1395
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/o-KVT0jGaEwwVlgkEi6-TFJBkzk>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Remove 0-RTT client auth
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Feb 2016 23:59:14 -0000
I am strongly in favor of removing client auth from 0-RTT. Cheers, Andrei From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla Sent: Sunday, February 21, 2016 11:37 AM To: Martin Thomson <martin.thomson@gmail.com> Cc: tls@ietf.org Subject: Re: [TLS] Remove 0-RTT client auth +1 On Sun, Feb 21, 2016 at 11:31 AM, Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>> wrote: I'm sitting here in TRON listening to Karthik describe all the various ways in which client authentication in 0-RTT is bad. I'm particularly sympathetic to the perpetual impersonation attack that arises when the client's ephemeral key is compromised. We originally thought that we might want to do this for WebRTC/real-time. As it so happens, we have an alternative design that doesn't need this, so... I propose that we remove client authentication from 0-RTT. This should simplify the protocol considerably. https://github.com/tlswg/tls13-spec/issues/420 [1] Compromising the server's long term key has the same impact, but that's interesting for other, worse reasons. _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2ftls&data=01%7c01%7cAndrei.Popov%40microsoft.com%7cb8afe35a6c8a4dd7e41308d33af67de7%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=bLPondg934Q9uP279%2b4Rq5Lnm3eRiqHR1%2fhE7K5z0Yg%3d>
- [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Eric Rescorla
- Re: [TLS] Remove 0-RTT client auth Cedric Fournet
- Re: [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Eric Rescorla
- Re: [TLS] Remove 0-RTT client auth Adam Langley
- Re: [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Eric Rescorla
- Re: [TLS] Remove 0-RTT client auth Martin Thomson
- Re: [TLS] Remove 0-RTT client auth Andrei Popov
- Re: [TLS] Remove 0-RTT client auth Russ Housley
- Re: [TLS] Remove 0-RTT client auth Ilari Liusvaara
- Re: [TLS] Remove 0-RTT client auth Martin Thomson