Re: [TLS] Proposed text for removing renegotiation
"henry.story@bblfish.net" <henry.story@bblfish.net> Wed, 02 July 2014 17:08 UTC
From: "henry.story@bblfish.net" <henry.story@bblfish.net>
In-Reply-To: <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com>
Date: Wed, 02 Jul 2014 19:08:25 +0200
Message-Id: <881AE87B-2120-4D41-AEAB-1E9B9EC26AE6@bblfish.net>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/tMDk-7yKoxxrh0LP7spbicmDOv0
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
On 9 Jun 2014, at 20:17, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 9 June 2014 00:34, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
>> Could somebody elaborate on what is that issue and why does it need to
>> be solved? (it is not even mentioned in the TLS 1.3 charter) As someone
>> who follows the mailing list that proposal comes out of the blue with no
>> context whatsoever.
>
> I think that this has been covered in the thread, but piecemeal:
>
> * Renegotiation is a major source of security issues, both of the "we
> screwed the TLS design up" sort and of the "my application didn't
> realize that these things could change" sort. There is a clear desire
> to remove features that enable either sort of problem.
>
> * Renegotiation is just more protocol complexity. Removing it
> potentially makes implementations simpler.
>
> I think that either might be sufficient justification for removing the feature.
>
> However, a number of use cases depend on renegotiation to achieve
> their ends. Of these, we have identified:
>
> * mid-session client authentication, which uses renegotiation seems to
> only be used in HTTP

As you know, but others may have missed, this is proving to be very useful to create distributed authentication, which can be used for distributed access control, which is what is needed to create a distributed secure social web, which is the best answer to problems Snowden revealed - which are inevitable when centralised services amass huge amounts of data on a huge number of individuals.

In the WebID authentication over TLS spec as specified currently a server SHOULD use this renegotiation in order to provide a sensible user experience.

http://www.w3.org/2005/Incubator/webid/spec/

The client side certificate features of TLS would be useless without reneg, because a server would always have to ask for the identity of the user, even if the user only asks for public resources.

So given that there is a feature in TLS that is in fact useful to increase communication security by increasing secure p2p interaction on the most used protocol in the world (HTTP), I think we need to make absolutely sure that the removal of this feature is not going to remove the ability to do this distributed authentication. Otherwise one could argue that removal of this feature could be used to increase the surveillance state we are already in (by removing a key feature that would enable secure p2p communication).

So I know there is http://tools.ietf.org/html/draft-thomson-tls-care-00 that could be deployed in conjunction with a "WWW-Authenticate: Certificate" HTTP header to allow a client to ask the server that it be authenticated. [1]

But is draft-thomson-tls-care going to be part of TLS1.3? Are we absolutely sure this will work? I'd say that one should not allow removal of TLS client renegotiation unless one can be very clear that this is so.

[1] http://lists.w3.org/Archives/Public/ietf-http-wg/2014JanMar/1039.html

> * very long-lived connections, which require renegotiation to re-key
> occasionally
>
> The former we have decided to solve in HTTP. As a side note, we just
> decided to forbid renegotiation in HTTP/2.
>
> The latter can be addressed by my proposal, or any of a number of mechanisms.

Social Web Architect
http://bblfish.net/