Re: [TLS] Followup on Update
Eric Rescorla <ekr@rtfm.com> Wed, 25 February 2015 02:01 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3CFE1A88BE for <tls@ietfa.amsl.com>; Tue, 24 Feb 2015 18:01:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ag3O_JfaC-l0 for <tls@ietfa.amsl.com>; Tue, 24 Feb 2015 18:01:28 -0800 (PST)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7627A1A88A3 for <tls@ietf.org>; Tue, 24 Feb 2015 18:01:27 -0800 (PST)
Received: by mail-wi0-f181.google.com with SMTP id r20so1682660wiv.2 for <tls@ietf.org>; Tue, 24 Feb 2015 18:01:26 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Q69B03nzJB0hKCpMSn+WiV6zlSCTiIMyggWsWk2ZDgE=; b=PMF+Gb0mdrzwuThp6ahIHYckQqWqvmwgWuVwHkNqpf0hSerC+annlPzrGUI1ulNGoS 2zsFa/YDF3z4vW6l0SKGKRaSyXtR48UV31Q1NRfuZHfwmpthWZ6x1KaN4EC9/T0i8cvF 9x0Ab1SP29rY4pURYJAKFF/7Sp/1p+I86bNulg3S7AE0UN/ibTw1UDaTP43k2dq5JbwY ftqTYqSwGfqFZTEztrTvKBxRBPi+UDC80q2yGARuSbwEHK0/ICIlaraLm7Urzs3W5q9D QcvZ4TerS3KzSkTRwSttZ6y6TSYePqVe9GM3FW0AbqJnv5gXuSJkSn4eOiSU009ArzgA yMLw==
X-Gm-Message-State: ALoCoQl0PX8o/1xci345x/KfN+Zw7l6HWpPmSNLGO5nYNWNUpoQN42I9mgmnprJ/jw3DbjD75brq
X-Received: by 10.194.235.71 with SMTP id uk7mr1466762wjc.13.1424829686230; Tue, 24 Feb 2015 18:01:26 -0800 (PST)
MIME-Version: 1.0
Received: by 10.27.214.203 with HTTP; Tue, 24 Feb 2015 18:00:46 -0800 (PST)
In-Reply-To: <201502242043.50128.davemgarrett@gmail.com>
References: <CABcZeBNLe+ffTPVi=i5xHCPL=eEKfM++RhjAf05S_sRwaAB72A@mail.gmail.com> <201502242043.50128.davemgarrett@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 24 Feb 2015 18:00:46 -0800
Message-ID: <CABcZeBPGBe_S=7vUv8DPOD-1DM73xAkFDG4bJmP2Twc+9Wj2=w@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: multipart/alternative; boundary="089e01493afa504470050fe00351"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tII4piKXbTn3Cz5L_ERaLUrFmk8>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Followup on Update
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 02:01:30 -0000
On Tue, Feb 24, 2015 at 5:43 PM, Dave Garrett <davemgarrett@gmail.com> wrote: > On Tuesday, February 24, 2015 07:44:22 pm Eric Rescorla wrote: > > Folks, > > > > I'd like to get a sense of the WG on whether they want to pursue the > Update > > mechanism [0]. > > > > There are several possibilities here, including: > > > > - Just do basic Update > > - Move session ticket establishment to Update > > - Mode client authentication to Update > > > > My sense from the discussion in HNL was that people were generally > > positive on basic Update and unsure on the other two. If that's right, > > I'll buff up PR#94 for merge into the spec (pending chair approval). > > > > Thanks, > > -Ekr > > > > > > [0] See https://github.com/tlswg/tls13-spec/pull/94 for a WIP > > version of the basic mechanism. > > The current proposal says: > > "An implementation MAY send an UpdateRekey at any time after > the handshake completes." > > Is there a particular reason to not just have an automatic rekey at > semi-regular intervals? So, every N records or M minutes (or whichever > comes first) an endpoint must send a rekey, and then after a similarly > measured interval the other endpoint sends a rekey; repeat ad infinitum. It's not entirely clear that we know how to design a good heuristic here, especially one that covers the entire range of possible algorithms. As a minor nit, it's kind of a pain to say every M minutes because often TLS stacks are driven by the application and don't have internal timers, but you could of course say "first record after M minutes" which would (probably) be close enough. > This would also ensure entropy for rekeying comes from both endpoints > equally over the course of the connection. Can you explain more about why that's an important consideration? > I would expect it would be better to not rely on implementations all > designing their own heuristics on when to send rekey updates, and also > would avoid multiple updates being sent at the same time by each endpoint > (and the possible pitfalls of doing so) The algorithm in this document is intended to be safe in the case of both simultaneous and (I believe) pipelined updates. I'd be interested in knowing if it's not. -Ekr
- [TLS] Followup on Update Eric Rescorla
- Re: [TLS] Followup on Update Dave Garrett
- Re: [TLS] Followup on Update Eric Rescorla
- Re: [TLS] Followup on Update Martin Thomson
- Re: [TLS] Followup on Update Dave Garrett
- Re: [TLS] Followup on Update Ilari Liusvaara
- Re: [TLS] Followup on Update Watson Ladd
- Re: [TLS] Followup on Update Joseph Salowey
- Re: [TLS] Followup on Update Eric Rescorla
- Re: [TLS] Followup on Update Dave Garrett