Re: [TLS] Substitute for renegotiation in TLS 1.3
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Mon, 23 February 2015 11:45 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 907631A1A54 for <tls@ietfa.amsl.com>; Mon, 23 Feb 2015 03:45:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1zZMMCHAzQq for <tls@ietfa.amsl.com>; Mon, 23 Feb 2015 03:45:16 -0800 (PST)
Received: from emh01.mail.saunalahti.fi (emh01.mail.saunalahti.fi [62.142.5.107]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41AF31A1A55 for <tls@ietf.org>; Mon, 23 Feb 2015 03:45:15 -0800 (PST)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh01.mail.saunalahti.fi (Postfix) with ESMTP id 991A9900A0; Mon, 23 Feb 2015 13:45:12 +0200 (EET)
Date: Mon, 23 Feb 2015 13:45:11 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Albe Laurenz <laurenz.albe@wien.gv.at>
Message-ID: <20150223114511.GA4033@LK-Perkele-VII>
References: <A737B7A37273E048B164557ADEF4A58B3659F13D@ntex2010i.host.magwien.gv.at>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <A737B7A37273E048B164557ADEF4A58B3659F13D@ntex2010i.host.magwien.gv.at>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/rtgY7diHJ1VL5wvQLzUIt8RjuI8>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Substitute for renegotiation in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Feb 2015 11:45:18 -0000
On Mon, Feb 23, 2015 at 10:46:29AM +0000, Albe Laurenz wrote: > While researching a renegotiation problem I saw that TLS 1.3 has done away > with this feature altogether. > > However, in a later commit > (https://github.com/tlswg/tls13-spec/commit/21099bc7ff338d8deae6c3ae832f03dff29840c2) > ChangeCipherSpec was removed, and I can neither find the discussion leading > to that nor any mention in the commit how "rekey" should be accomplished now. > > Does that mean that there is no possibility to renegotiate any more? > That would be unfortunate for my use case (encrypted database connections which > can last arbitrarily long). > Moreover, it would go against the consensus on the list, as quote above. Current editor's copy does not seem to have any way to rekey. However there is PR #94 about adding update protocol that can be used to rekey connections. The other parts of renegotiation are: - Changing server certificate (does not seem useful) - Changing connection parameters (does not seem useful) - Updating authentication (this was later regarded as dangerous). (There is PR #95[2] about "watered down" version of authentication. However I still view this as dangerous[1]). [1] E.g. Try to use it with HTTP/2 mid-connection and watch the things go wrong in possibly exploitable way... In multiplexed protocols, certificate changes need to be coordinated at higher layers. [2] Also, ugh, the PRs building on top of update (update-auth and update-resume) are a bit difficult to read due to duplicating changes later merged into editor's copy. -Ilari
- [TLS] Substitute for renegotiation in TLS 1.3 Albe Laurenz
- Re: [TLS] Substitute for renegotiation in TLS 1.3 Ilari Liusvaara
- Re: [TLS] Substitute for renegotiation in TLS 1.3 Albe Laurenz