Re: [TLS] PR for new negotiation syntax

Joseph Salowey <joe@salowey.net> Thu, 04 August 2016 15:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oPElO3ns8k79ciF7Ol52J4yU4Kg>

Hi Folks,

There was significant support for this approach in Berlin so if you have
concerns with this approach please post them to the list by Monday, August
8, 2016.

Thanks,

S&J

On Wed, Aug 3, 2016 at 8:30 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> Folks,
>
> As promised, I've written a PR that describes the new negotiation
> syntax we discussed in Berlin. I also have a prototype implementation of
> this in NSS and it's quite a bit cleaner than the previous negotiation
> design. I think that others have found the same thing.
>
> https://github.com/tlswg/tls13-spec/pull/559
>
>
> IMPORTANT: This new negotiation syntax allows for two modes that were
> not previously available with TLS 1.3: PSK and PSK-(EC)DHE with
> server-side signatures. This construction should be safe with
> resumption-PSK (this is why we introduced the resumption_ctx design),
> but as noted in Antoine's recent message [0], this is not safe with
> non-resumption PSK with the all-zeroes resumption context that we now
> use with external PSKs. I have an action item to fix that, so just
> keep that in the back of your head as you review this PR.
>
> Comments welcome.
>
> -Ekr
>
> [0] https://www.ietf.org/mail-archive/web/tls/current/msg20637.html