Re: [TLS] Proposed text for removing renegotiation
Yoav Nir <ynir.ietf@gmail.com> Wed, 28 May 2014 10:05 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F8131A08B3 for <tls@ietfa.amsl.com>; Wed, 28 May 2014 03:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HgP-WerbG_sG for <tls@ietfa.amsl.com>; Wed, 28 May 2014 03:05:43 -0700 (PDT)
Received: from mail-we0-x236.google.com (mail-we0-x236.google.com [IPv6:2a00:1450:400c:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 264841A08B4 for <tls@ietf.org>; Wed, 28 May 2014 03:05:42 -0700 (PDT)
Received: by mail-we0-f182.google.com with SMTP id t60so11132134wes.27 for <tls@ietf.org>; Wed, 28 May 2014 03:05:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=DUJ36uKuxT/NjszGecOAxBsPfbpj8KU12ef9M/xJFfU=; b=qznagBsv74FY33T/EkGtP4C8L5IYkQfZo8CDIFIAWiDvhO50JAt/lnbpQhX+JB8/Do 9h1Vvjy01S8c5eO56R1HgLL72ePhrxAR1c28FS4u1ctXy4ZXdxZ+p/6+LM2wfBu0v0HA ZaDtuwwtdMoPDH9XM1GINixnnyjUnz8qNgILTtYySIa/NrXy8femtXSHSE7OyNHJnuyH uNsY+eVI2yov9HJIO06PqxtsTIQEkro3iUzFbZxJPtnowyggPZaMiL1y01OcFzx5fdBT MJ2tlHrk4eydkOUJtT9Z5On53/CCpgE3Yry+rDX7g2AY50Rbuhqm7iH9HRBO6SH1Ok9R ib1w==
X-Received: by 10.194.249.134 with SMTP id yu6mr42253753wjc.86.1401271538568; Wed, 28 May 2014 03:05:38 -0700 (PDT)
Received: from [172.24.249.169] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id bj2sm15621517wib.3.2014.05.28.03.05.37 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 28 May 2014 03:05:38 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <53852A1B.6000808@amacapital.net>
Date: Wed, 28 May 2014 13:05:35 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <955C8E0E-81DC-4301-ABBA-F763D1223C37@gmail.com>
References: <CABkgnnXaLKmxXL01hQEdxHSNGt3nZQQNBLDD5H2LqBzTo3vK4g@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7130CE35E03@USMBX1.msg.corp.akamai.com> <53852A1B.6000808@amacapital.net>
To: Andy Lutomirski <luto@amacapital.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/pLVN8kWUHJgh0M8LiGtQ0L6456g
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 May 2014 10:05:45 -0000
On May 28, 2014, at 3:13 AM, Andy Lutomirski <luto@amacapital.net> wrote: > On 05/27/2014 03:18 PM, Salz, Rich wrote: >>> This overloads ChangeCipherSpec, which some might find distasteful, but I think that it is consistent with it's current use and purpose. >> >> Yeah, I'm not thrilled but it, although I admit it is consistent. >> >> I would rather see something like Yoav (?) proposed via Jabber at the interim meeting: a "reset but don't close" message. Either side sends it, the other side replies, and at this point all state is thrown away and it's just as if the client first connected. It avoids TCP reconnect, perhaps requires more work (but the EDH key should be cached), but it seems much clearner. > > I suspect that, without a lot of API care, this will reintroduce the > original renegotiation attack: client sends a prefix, says "reset but > don't close", and starts forwarding ciphertext from a different client. Definitely, so we’d need a same or similar indication to prevent abuse. I tend to think that a binary indication of “initial contact” would be enough (as normal clients will always be “initial contact” and a ClientHello with “initial contact” should never appear after StopTLS), but I could be wrong. Yoav
- [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Geoffrey Keating
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation Brian Sniffen
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Paul Hoffman
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Steve Checkoway
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net