Re: [TLS] review comments on draft-rescorla-tls-dtls13-01
Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 20 April 2017 06:49 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D2C912EB1D for <tls@ietfa.amsl.com>; Wed, 19 Apr 2017 23:49:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.401
X-Spam-Level:
X-Spam-Status: No, score=-5.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S56W6kBNs55P for <tls@ietfa.amsl.com>; Wed, 19 Apr 2017 23:48:59 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C29CE1200C1 for <tls@ietf.org>; Wed, 19 Apr 2017 23:48:58 -0700 (PDT)
Received: from [192.168.91.191] ([195.149.223.176]) by mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MFctN-1cpI3y1TBV-00Ectg; Thu, 20 Apr 2017 08:48:51 +0200
To: "Kaduk, Ben" <bkaduk@akamai.com>, "tls@ietf.org" <tls@ietf.org>
References: <886102B6-C2CE-4257-BEB9-11F72000DE50@akamai.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <cf3fadb3-ded0-f619-a73e-77a52e69fdcf@gmx.net>
Date: Thu, 20 Apr 2017 08:48:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <886102B6-C2CE-4257-BEB9-11F72000DE50@akamai.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="taGLq38V2L9HqcmXST4aG3Wdc28lsB8BK"
X-Provags-ID: V03:K0:bvMuaw+2wB72RjcXkGJx9GoNOIP71ygPngSo8yPEf5o/XjrnWGA yVjNcyvWxeMdtIUXOFtSCkGygwjxl93ZTiWWeisT0tZ90MHXMfX5wEoMbQKXi88k40JePSk q9E1cHugbMgeOMCidRFwojEKub7Oed+hT+SSGOFLZAQ03X170zN3+a/ftUJYyU6eSTXbZvL HlWzdeXaYosCBlCILlcXA==
X-UI-Out-Filterresults: notjunk:1;V01:K0:uEiil+Pkuzc=:NcwAtU+cjp7nhLDjRCGm+/ EhJMLTNzvpOMfZLFgrvqEA81PPsCddhRCjBcPXK/hERb1gMAqhBkfVy770hKHgr7Tv9Vsz+3A MUnCJX8hnSLzUNZGJEKV0avhTrdvGPSRQNz0XYsIbDcNqR14Jz4UtOG12OqT67gCIuxBi7c68 nTpSqRR18i+LWldYOuvbmTAqqOk448bqOe43ovTjgz/pakE3QnjdjoAoilIfzQT5KgIHGjKd1 vCqwIwt813Rsyb/NuGTWgzNFlO/FF+jB2NpNFf+0F0PpFJfaVqcggt+EpJAa0G8xajFZFJzc/ xHo3DEdKy4+TY3pii8N9UeZDqlAnQkjPD8WeyOT3qJYl1thdTeOmglW4auy/2jIBCOnm/sPSn Ec+MUmTFe5OOoFJIBhRVKBZRpVaZuUgSsfUj46/hHAPdUjCVZsi6DVmjaNALhBGFaRLAHVuH0 sb4IsukOfv1NXtd+f3tupOU9+9QXWaHnNI+UwLtZol8kpefBmMrO+QdEJtavzSbDXqQcY1jQO OIvFiIwPMpNQh5XZTojJwsNPBR8LypgmY2VWWEW5aZnNg1EjNwl2AOZ1idGHNGaTzIt8/b2e8 Zzr0/Bew8YmX8OQ7AuAUovYTq7huDzBV252jhXF0GtF6jmHPVVG4vLl7cJE9Tb7hASEVYsoZZ AUXR8zEN5mLMuHdQLkEUHTwsTzgxgbPwDcn6VWKI2Fsl061btwF8VepTKPtw63vdlHk69xBXu 2OIxoxZaWhqE29Km+1HEkaWVgMjr/W913aG7kOO3OnFJp0TkLtQTsKvmHhs=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oYfFF-kkBgihC6CBzb_4Ewir0po>
Subject: Re: [TLS] review comments on draft-rescorla-tls-dtls13-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 06:49:01 -0000
Hi Ben, thanks for the review. On 03/29/2017 04:25 AM, Kaduk, Ben wrote: > A few things I noticed while reading the draft to prepare for today’s > session: > > We talk in a couple places about datagram protocols being > “vulnerable” or “susceptible” to DoS attacks, which leads me to at > least partially read that as meaning that the protocol’s own service > will be disrupted; as we know, this is not the whole story, as the > reflection/amplification part can facilitate DoS attacks targeted at > other services/networks. So perhaps some rewording is in order. I created an issue https://github.com/ekr/dtls13-spec/issues/18 to take this into account. Note, however, that the DDoS attacks from last year had nothing to do with this protocol design issue. If you control a large number of endpoints then you can flood networks and servers with messages. > > We should catch up to the ClientHello1 being included in the > transcript hash as the synthetic message_hash message, so the full > transcript of it need not be stored in the HelloRetryRequest. > Yes, the most recent version of the TLS spec talks about this issue and we need to take it into account. > On page 20, second paragraph, please be clear that it is the > message_seq vs. the record sequence_number that must match > next_receive_seq. Yes, one has to read carefully in order not to miss this fine distinction. We will try to improve the text. > > I also made a note of the different key update behavior of this draft > vs. draft-ietf-tls-tls13-19, with the epoch change and lockstep > rekeying between peers. That was in the presentation as well, but I > haven’t had my thoughts settle into which flavor I prefer, yet, > though the explicit KeyUpdate does have some advantages. In practice, I believe the KeyUpdate message will not be used too often. We nevertheless have to figure out whether the loss of functionality (which I believe is minimal) is worth using a separate message. By moving to the implicit rekeying feature (in comparison to the explicit KeyUpdate message) we loose the ability to give the other party the option to decide whether they also want to update their keys. I personally don't see this as a big issue. Ciao Hannes > > -Ben > > _______________________________________________ TLS mailing list > TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls >
- Re: [TLS] review comments on draft-rescorla-tls-d… Hannes Tschofenig
- [TLS] review comments on draft-rescorla-tls-dtls1… Kaduk, Ben