Re: [TLS] 0.5 RTT

Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> Tue, 23 February 2016 22:01 UTC

From: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
In-Reply-To: <CABkgnnUHmtrRNnOyVXdOe-fnAcN7WVKfX=ycXiugV8A77OjQCQ@mail.gmail.com>
Date: Tue, 23 Feb 2016 14:01:28 -0800
Message-Id: <15C73D91-9CDD-488E-87AF-4EBB1C8202CB@gmail.com>
References: <CABkgnnW1LRhSA_i0nL=rDYnUwBZWg5dSys7yk6aDefYWptnpZQ@mail.gmail.com> <8FA1A0FD-B911-474F-AC08-6208A80EB980@gmail.com> <CADi0yUPOEL++R+_Nhy4NTfhzsA6UjbVbMAEiPx1Qg9+vPPHt7g@mail.gmail.com> <CABkgnnUHmtrRNnOyVXdOe-fnAcN7WVKfX=ycXiugV8A77OjQCQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/p0GcBcxhOtsptQjfpM6tncWpqlI>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] 0.5 RTT

> Won't a downgrade be detected by the client when it fails to decrypt
> the server's data? 

The main downgrade concern, I think, is for the 0.5-RTT data’s confidentiality; i.e. it may have been sent encrypted under a broken cipher.
You’re right that the client will not accept this data because the handshake hashes (mixed into the key) would not match.
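The two halves of this point, as an added toy simulation that is not code from this thread and not TLS code: a man-in-the-middle strips the strong suite from the ClientHello, the server picks the remaining weak suite and emits its 0.5-RTT record under keys bound to the tampered transcript, the attacker recovers that record offline, and the client, deriving keys from its own copy of the ClientHello, cannot authenticate the record and rejects it. Everything here is constructed for the demo: a fixed stand-in for the ECDHE shared secret (the attacker does not touch key shares), an HMAC-based stream cipher with an HMAC tag in place of a real AEAD, and a "WEAK" suite whose 16-bit key is brute-forceable, standing in for a broken cipher.

```python
"""Toy model of the 0.5-RTT downgrade discussed above (constructed; not TLS code)."""
import hashlib
import hmac

HASH = hashlib.sha256

# Cipher key length in bytes per suite. "WEAK" stands in for a broken cipher:
# a 16-bit key that an attacker can brute-force offline (constructed for the demo).
SUITES = {"STRONG": 32, "WEAK": 2}

# Constructed stand-in for the ECDHE shared secret; the attacker only rewrites
# the ClientHello's cipher list, not the key shares, so both ends agree on it.
SHARED_SECRET = HASH(b"toy ECDHE shared secret").digest()
# Constructed 0.5-RTT payload the server sends before seeing the client's Finished.
HALF_RTT_PLAINTEXT = b"HTTP/1.1 200 OK\r\n\r\nsession-token=constructed-secret"


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def traffic_keys(suite: str, transcript_hash: bytes):
    """Transcript-bound secret -> (cipher key of the suite's length, 32-byte MAC key).
    Mixing the transcript hash in is what lets the client detect the tampering."""
    secret = hkdf_expand(SHARED_SECRET, b"s ap traffic" + transcript_hash, 32)
    return hkdf_expand(secret, b"key", SUITES[suite]), hkdf_expand(secret, b"mac", 32)


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC(key, counter) blocks, truncated to length."""
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(key, i.to_bytes(4, "big"), HASH).digest()
    return out[:length]


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def seal(key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    ciphertext = xor(plaintext, keystream(key, len(plaintext)))
    return ciphertext + hmac.new(mac_key, ciphertext, HASH).digest()


def open_record(key: bytes, mac_key: bytes, record: bytes):
    """Returns the plaintext, or None when the tag (hence the key) does not match."""
    ciphertext, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ciphertext, HASH).digest()):
        return None
    return xor(ciphertext, keystream(key, len(ciphertext)))


def attacker_brute_force(record: bytes, suite: str):
    """Offline key search against the weak suite, using the known HTTP framing
    as the plaintext check; hopeless against the 256-bit STRONG key."""
    key_len = SUITES[suite]
    if key_len > 2:
        return None
    ciphertext = record[:-32]
    for k in range(256 ** key_len):
        key = k.to_bytes(key_len, "big")
        if xor(ciphertext[:8], keystream(key, 8)) == b"HTTP/1.1":
            return xor(ciphertext, keystream(key, len(ciphertext)))
    return None


def client_hello(suites) -> bytes:
    return b"ClientHello:" + ",".join(suites).encode()


def server_hello(suite: str) -> bytes:
    return b"ServerHello:" + suite.encode()


def run(downgrade: bool) -> dict:
    """One handshake; with downgrade=True the MITM strips STRONG from the ClientHello."""
    ch_sent = client_hello(["STRONG", "WEAK"])
    ch_recv = client_hello(["WEAK"]) if downgrade else ch_sent
    suite = "STRONG" if b"STRONG" in ch_recv else "WEAK"
    sh = server_hello(suite)
    # Server keys are bound to the transcript *it* saw; the 0.5-RTT record goes
    # on the wire now, before the client has said anything further.
    s_key, s_mac = traffic_keys(suite, HASH(ch_recv + sh).digest())
    record = seal(s_key, s_mac, HALF_RTT_PLAINTEXT)
    # Client keys are bound to the ClientHello it actually sent.
    c_key, c_mac = traffic_keys(suite, HASH(ch_sent + sh).digest())
    return {
        "suite": suite,
        "client_accepts": open_record(c_key, c_mac, record) == HALF_RTT_PLAINTEXT,
        "attacker_reads": attacker_brute_force(record, suite),
    }
```

`run(True)` shows the asymmetry the message points at: the client rejects the record (its transcript-bound keys do not match), but rejection happens after the server has already put the data on the wire under the attacker-chosen suite, so `attacker_reads` recovers it anyway. `run(False)` is the honest case: the client accepts and the brute force has nothing to work with.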