Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis

Yaron Sheffer <yaronf.ietf@gmail.com> Sat, 19 November 2016 14:31 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F204129975 for <tls@ietfa.amsl.com>; Sat, 19 Nov 2016 06:31:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmTp8Z4JodoO for <tls@ietfa.amsl.com>; Sat, 19 Nov 2016 06:31:24 -0800 (PST)
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F059D129973 for <tls@ietf.org>; Sat, 19 Nov 2016 06:31:23 -0800 (PST)
Received: by mail-pg0-x233.google.com with SMTP id 3so113579078pgd.0 for <tls@ietf.org>; Sat, 19 Nov 2016 06:31:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=sm1L9nimrrWczhRMQa1d7OBqIJcgHczU/Z4eSEgmC/0=; b=YCMaAaBTHLP/KXmC5bdv2X1QOOmDOkOY9rt4snDWauNbtYNFmjyxzgA/Lj6402/pvp le8Ks//02J1I6NhMTywuHFmjAC5V+jTP3NtbAcQvTjHCCzC7xcqS5X6q+amGN29emWxI 0L3pL6KOXF2Eu07VJgPGb2uchbNpZskFdeyK2z7QLK3Bne/y9ebqrBrEwUG/Q6jzWtJA 5GNhdCpeWbP+s+8m4qvze/OJlZd7huftzUbiqYIg9bJPgZIupRCUtD3cLJp7yv9PT8hN +hKchO1w42m39AndHWXiSl8swpZouSMPKe5O8kKSlHrMgCBjVGtCzrEkEyzChx4pR8Ck eA/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=sm1L9nimrrWczhRMQa1d7OBqIJcgHczU/Z4eSEgmC/0=; b=asoU7KBYTlQq7MI70ueIzuSjI5Ufc/LXvQ+Id3G9Wu+8LS0xzAFjrLOhjcB+CaUPuQ kKvZ2/iYtCmt4bsiEkZKyF83S1AyUrkhIuvIKpOw0GHqhjYFGbWO2pSn4uhjr6m3Xec3 mMv2VQIaNwUEN+G3pOv/UL5ochFbC8iwx0o7WCX9Vw8LkbSe30jJBk38dRS+Qg6HNMsK X4V50ZhGGN5yaLmbxS/GCCqtL/vyoixQJzNEpGsoagPqaVw00bWNMYbAEWN47T27SEfo aWtKiDW5GuAfWDUOtmux2GGHZW69p8t+b92EExjA+fKIqJSmwbCDUxxNt3A46zsMFdn3 JWnw==
X-Gm-Message-State: AKaTC03NiObG2Gp8lhOx2cb606/1UfDl9fPpF9sNUCIlZSEEcmJUnSCsWlW8foL1DmCCSg==
X-Received: by 10.99.114.89 with SMTP id c25mr11132951pgn.4.1479565882920; Sat, 19 Nov 2016 06:31:22 -0800 (PST)
Received: from [10.20.100.92] ([58.120.104.2]) by smtp.gmail.com with ESMTPSA id z9sm25611689pfd.29.2016.11.19.06.31.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 19 Nov 2016 06:31:21 -0800 (PST)
To: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
References: <62B88142-2DBE-439F-AD4A-309053925794@sn3rd.com>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <04450ca1-e849-40ff-fc09-52278772cbb2@gmail.com>
Date: Sat, 19 Nov 2016 23:31:18 +0900
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <62B88142-2DBE-439F-AD4A-309053925794@sn3rd.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/oZdDrDJ07MPQeglJxAoG0BsxZ4c>
Subject: Re: [TLS] WGLC for draft-ietf-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Nov 2016 14:31:25 -0000

I have not read the document in full (but still noticed a typo in the 
paragraph we're discussing), so I will not comment on its readiness.

Regarding signature context: I don't understand the CFRG recommendation 
that Yoav is citing. IMO we should include a context string wherever we 
can, to reduce the number of possible cross-protocol (or cross-signature 
scheme) attacks. As far as I know context strings do not cost anything 
and can only improve the protocol's security.

Maybe one day we will only have signatures deployed that support 
context, but if we don't add the context string now we will never get 
there. We are not going to revise TLS just to add a context string to EdDSA.

Thanks,
	Yaron

On 19/11/16 08:55, Sean Turner wrote:
> All,
>
> This is a working group last call for the “4492bis to Standards Track" draft available @ http://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/.  Please review the document and send your comments to the list by 9 December 2016.
>
> Note that we are particularly interesting in the issue Yoav raises in the following message:
> https://mailarchive.ietf.org/arch/msg/tls/8Ec7jQqLr_3FrvQfuclllfozKZk
>
> Thanks,
> J&S
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>