Re: [TLS] tls 1.3: renegotiation
Martin Thomson <martin.thomson@gmail.com> Mon, 28 July 2014 21:17 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29B8D1A01E2 for <tls@ietfa.amsl.com>; Mon, 28 Jul 2014 14:17:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tc8U_8Br1ZHf for <tls@ietfa.amsl.com>; Mon, 28 Jul 2014 14:17:49 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A0471A017F for <tls@ietf.org>; Mon, 28 Jul 2014 14:17:48 -0700 (PDT)
Received: by mail-wi0-f176.google.com with SMTP id bs8so5135530wib.3 for <tls@ietf.org>; Mon, 28 Jul 2014 14:17:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=yMoqK/dj94udtv26u2o9ACnq+yOc41TIhgn/NBKcPJM=; b=AGHHVGKJa0aZ2LYE6vVresxmLftJ5UX56PlOiXftF/Vv+FVdkbeTeGwpjxDtHYXAyd WlOOVzLd97dMSWG7tcowttN6EyeJdDwFwFwM7ugynMsDFcyHQxFGD6KRxKcn1K0iqRFv fp2PtoeGoVwAb+6GQzCP752EFIhBhaupCA1hcUGr0zUv3wigL/3Ut0cKe9m3yBzwr2Yg XB4mqW0ODH5eyyTYxTOD/SYA/eq3r6T7+RGks1bh1gxqDQG1N1od4Hoi6iSTKkvUaPIX CDLXD37ZqrNRcihi0NdRaK2IR+5NRFYU290S4XE22/+QZAeLoL68UhizELaJhfcdp23h a8mw==
MIME-Version: 1.0
X-Received: by 10.194.185.238 with SMTP id ff14mr54101534wjc.9.1406582266466; Mon, 28 Jul 2014 14:17:46 -0700 (PDT)
Received: by 10.194.110.6 with HTTP; Mon, 28 Jul 2014 14:17:46 -0700 (PDT)
In-Reply-To: <CABqy+so=yV9Gp8aCp3cJ8wQRmd6JC-J9raEzgw1c1UDdFT2=JQ@mail.gmail.com>
References: <7C3D5CF9-2B17-4953-A13D-C5E7226D13E7@ieca.com> <CABqy+so=yV9Gp8aCp3cJ8wQRmd6JC-J9raEzgw1c1UDdFT2=JQ@mail.gmail.com>
Date: Mon, 28 Jul 2014 14:17:46 -0700
Message-ID: <CABkgnnX4zU8kxKK=4HTyFyX-uxpujEkNcXfcDmt0CHwfF+q-BA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Robert Ransom <rransom.8774@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/r23b0RDDC4VPOl9XFdzKWKo5KLI
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] tls 1.3: renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jul 2014 21:17:51 -0000
On 25 July 2014 12:27, Robert Ransom <rransom.8774@gmail.com> wrote: > In addition, I believe that it is not possible for the WG to make an > informed decision as to whether renegotiation should be removed at > this time: > > * The rekeying feature and client-initiated client authentication > feature have not been specified yet, even to the point of stating > the requirements which each feature will meet. It is not possible > for the WG to determine whether the features intended to replace > these two uses of renegotiation will be fit for their intended > purposes at this time. We had a good discussion about these in Toronto. On rekeying, there are concerns about how much we might want to make changeable; offline discussions about the complexity/value trade-off space between simple rekeying (as I have proposed) and something more complete like a full DH exchange was quite enlightening. We've talked quite a bit about spontaneous client authentication (though we might talk about client-initiated authentication, that implies a solution and so I think that is the wrong focus for the discussion). The problem as always is that the defense of renegotiation is largely based on its existence alone. That defense would be stronger if there it were based on use cases. I don't find arguments from inertia ("it exists", or "it's easy") to be at all persuasive. Saying "it can be fixed" is actively detrimental to the case. Arguments in the form "I need to do X and in order to do X I need renegotiation" are far better. They are testable. Andrei's concerns are a good example of this. We might disagree on the subjective elements, but that's a good starting point.
- [TLS] tls 1.3: renegotiation Sean Turner
- Re: [TLS] tls 1.3: renegotiation Robert Ransom
- Re: [TLS] tls 1.3: renegotiation Martin Thomson
- Re: [TLS] tls 1.3: renegotiation Andrei Popov
- Re: [TLS] tls 1.3: renegotiation Martin Thomson
- Re: [TLS] tls 1.3: renegotiation Robert Ransom
- Re: [TLS] tls 1.3: renegotiation Andrei Popov
- Re: [TLS] tls 1.3: renegotiation Martin Thomson
- Re: [TLS] tls 1.3: renegotiation Martin Thomson
- Re: [TLS] tls 1.3: renegotiation Nikos Mavrogiannopoulos