Re: [TLS] TLS 1.3 - method to request uncached shared secrets

Dave Garrett <davemgarrett@gmail.com> Sun, 19 July 2015 21:14 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qkytZFyR7RixfqMGgSrQOiDx45Q>

On Sunday, July 19, 2015 05:03:56 pm Viktor Dukhovni wrote:
> In the current 1.3 draft, there is indeed no client signal.
[...]
> The fix would be for the client to send an empty extension of some
> sort to signal its desire to elicit a session ticket.

Why is the SessionTicket TLS Extension being deprecated at all? Sure, obsolete the RFC, but include the same extension in the TLS 1.3 spec with the same semantics for requesting a ticket from the server (0-length to request). This could be backwards compatible easily enough.


Dave
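
Added example, not part of the original message: a minimal parser showing the RFC 5077 semantics referred to above, where a zero-length session_ticket extension (type 35) in the ClientHello requests a ticket and a non-empty one offers a ticket for resumption. The function names and sample byte strings are constructed for illustration.

```python
import struct

SESSION_TICKET = 35  # ExtensionType session_ticket (RFC 5077)

def parse_extensions(block: bytes) -> dict:
    """Parse a TLS extensions vector: uint16 total length, then
    repeated (uint16 type, uint16 length, opaque data)."""
    if len(block) < 2:
        raise ValueError("missing extensions length")
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("extensions length mismatch")
    exts, off = {}, 2
    while off < len(block):
        if len(block) - off < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, off)
        off += 4
        if len(block) - off < ext_len:
            raise ValueError("truncated extension body")
        if ext_type in exts:
            raise ValueError("duplicate extension")
        exts[ext_type] = block[off:off + ext_len]
        off += ext_len
    return exts

def ticket_intent(block: bytes) -> str:
    """Classify the client's signal: no extension, an empty one
    (ticket requested), or one carrying a ticket (resumption offered)."""
    data = parse_extensions(block).get(SESSION_TICKET)
    if data is None:
        return "absent"
    return "request" if len(data) == 0 else "resume"

def build(exts) -> bytes:
    """Serialize (type, data) pairs into an extensions vector."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body

# Constructed sample inputs (not captured traffic).
SNI = (0, b"\x00\x0e\x00\x00\x0bexample.com")
NO_TICKET = build([SNI])
REQUEST = build([SNI, (SESSION_TICKET, b"")])
RESUME = build([SNI, (SESSION_TICKET, b"\xaa" * 32)])

if __name__ == "__main__":
    for name, blk in (("none", NO_TICKET), ("empty", REQUEST), ("ticket", RESUME)):
        print(name, "->", ticket_intent(blk))
```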