Re: [TLS] Unifying tickets and sessions
Joseph Salowey <joe@salowey.net> Fri, 24 October 2014 17:05 UTC
Return-Path: <joe@salowey.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9DEA1A88B7 for <tls@ietfa.amsl.com>; Fri, 24 Oct 2014 10:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qlDU0xsa6aki for <tls@ietfa.amsl.com>; Fri, 24 Oct 2014 10:05:43 -0700 (PDT)
Received: from mail-qa0-f45.google.com (mail-qa0-f45.google.com [209.85.216.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A35971A8854 for <tls@ietf.org>; Fri, 24 Oct 2014 09:58:55 -0700 (PDT)
Received: by mail-qa0-f45.google.com with SMTP id dc16so1226232qab.4 for <tls@ietf.org>; Fri, 24 Oct 2014 09:58:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=YfsWtwMTPZbhqkW3v6JytQHto07f2cGJHvbCaPDtE34=; b=OKwga2CTxzmQ2YD6nfx+f4mhHi4T3u2H564HrmWSjzIv9rej/Zblq9/QgY8IVnyQxw l09Y9mZTOtErafwbS/GNq5ZO3mUiztA0/3Og8cUm9D+gE2GoTwvCwdksmwkzxCRJblZp wGNYh2Rd/Rhpux872V6Wd6dZ++LnTn+sG9zlmTYqLifsVw/zy9/ayqkXZtr46ymHrbiS W3iESBsZo0rGG2eiFeQ9RlicelbDI2wxAYAVB8k+bZVvBaGX1sEvUcRwBK46hHQNxHQM qggL+rKKXKYJ8lbBUO7y8bSBypJObFMK6RjdiNQpkiLcqpf+sdCDA0od6vgKDVQyO7RW Q+gg==
X-Gm-Message-State: ALoCoQk328kU4CZdo2OfrrfbBIy6bJkDXCIbzv0zVUUBqAB/CyeHSwMD7TF/97fBsfnTZ9GiAchX
MIME-Version: 1.0
X-Received: by 10.224.171.194 with SMTP id i2mr7704285qaz.59.1414169934820; Fri, 24 Oct 2014 09:58:54 -0700 (PDT)
Received: by 10.96.166.35 with HTTP; Fri, 24 Oct 2014 09:58:54 -0700 (PDT)
X-Originating-IP: [2601:8:b300:a5:7c04:f406:8425:71d0]
In-Reply-To: <1730049.IgUL0REWQP@pintsize.usersys.redhat.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <11886639.VyNDkQ3oKj@pintsize.usersys.redhat.com> <54493904.7010807@fussenegger.info> <1730049.IgUL0REWQP@pintsize.usersys.redhat.com>
Date: Fri, 24 Oct 2014 09:58:54 -0700
Message-ID: <CAOgPGoCfVyDL=Bz--=TWCGLJnizxH2C34JQ+GieZsnddttUaVg@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
To: Hubert Kario <hkario@redhat.com>
Content-Type: multipart/alternative; boundary="001a11c2b2769e0e8605062e18b4"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/pcUY6LwXYJO8Pa1BBdOdOL8cUzs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Unifying tickets and sessions
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 17:05:46 -0000
On Fri, Oct 24, 2014 at 3:50 AM, Hubert Kario <hkario@redhat.com> wrote: > On Thursday 23 October 2014 19:21:08 Richard Fussenegger wrote: > > On 10/23/2014 4:03 PM, Hubert Kario wrote: > > > While it may negotiate AES-256 (because it wants to interoperate with > > > clients that are configured to not to present weaker ciphers), doesn't > > > mean that it as a whole is configured to the 256 bit level of > > > security. With TLS1.2 it may sign the (EC)DHE parameters using SHA-1, > > > it may use RSA key exchange using only 2048 bit keys, it may be just a > > > local proxy server that is hard coded to connect using AES-128 with > > > the backed servers over open Internet. Yes, server should encrypt the > > > tickets with as strong algorithm as its most secure cipher, but there > > > are many situations where it's not necessary. "MUST" is certainly not > > > applicable. > > > > Those are good and valid arguments for a RECOMMENDED regarding session > > ticket/token key algorithms or simply dropping one word and uppercasing > > another does the trick (?): > > yes, I agree. > > > > > https://tools.ietf.org/html/rfc5077#section-5.5 > > > > > o The keys and cryptographic protection algorithms should be at > > > > > > least 128 bits in strength. Some ciphersuites and applications > > > > > > - may require cryptographic protection greater than 128 bits in > > > + REQUIRE cryptographic protection greater than 128 bits in > > > > > > strength. > > > > But the MUST regarding key rotation, key discarding, and key count hard > > limits is still appropriate in my opinion because PFS is a MUST in TLS > > 1.3 (unless this has changed and I didn't read about it). > > Yes, while a large key size is recommended ("SHOULD"), a frequent key > rotation > (in order of days) is a "MUST" with shorter time scales recommended, given > other parts of TLS 1.3. > > [Joe] Personally, I don't think that PFS is a MUST for session resumption. I think an implementation can attempt to provide PFS like behavior, but if one is really interested in PFS I think the full handshake is the way to go. I'm a bit concerned that we're going down the path of trying to mandate a particular implementation. I think we have the following areas under discussion: 1. Hard RFC 2119 requirements for things that are verifiable. For example, perhaps you would want to make sure that the client could request the server issue a new ticket (the client can actually verify that the ticket is different). 2. Strong guidelines for the ticket and key management. RFC 5077 has some of these, they can be improved upon. These would not necessarily be RFC 2119 language. 3. Implementation guidance for ticket and key management. Again RFC 5077 has some of this, but it can be improved upon. I think we should be focusing first on 1 because it is normative and affects interop. 2 is also important, but it should not force a particular implementation. 3 is useful, but I do not think it should be normative and I think it may be difficult to come to consensus on what the guidance should be. A discussion on 3 may help us with 1 and 2, but I think its a secondary part of the discussion. I want to make sure we have a clear understanding of 1 and 2. -- > Regards, > Hubert Kario > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Brian Smith
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions David Leon Gil
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Ryan Carboni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Salz, Rich
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Martin Thomson
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Aaron Zauner
- Re: [TLS] Unifying tickets and sessions Douglas Stebila
- Re: [TLS] Unifying tickets and sessions Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Stephen Checkoway
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
- Re: [TLS] Unifying tickets and sessions Richard Fussenegger
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Joseph Salowey
- Re: [TLS] Unifying tickets and sessions Hubert Kario
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions Nico Williams
- Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
- Re: [TLS] Unifying tickets and sessions David Leon Gil