Re: [TLS] Requiring that (EC)DHE public values be fresh

Scott Schmit <i.grok@comcast.net> Sat, 31 December 2016 15:29 UTC

Date: Sat, 31 Dec 2016 10:29:19 -0500
From: Scott Schmit <i.grok@comcast.net>
To: tls@ietf.org
Message-ID: <20161231152919.GA23861@odin.ULTHAR.us>
References: <CAMfhd9Urd1DWF9yhMdhvx1AcKyB4-E7Qy+tzqz_-1RpXR+Wp1w@mail.gmail.com> <20161229192845.201121A5D4@ld9781.wdf.sap.corp>
In-Reply-To: <20161229192845.201121A5D4@ld9781.wdf.sap.corp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/taN-nuuTI85Di8DDdkavIaLqQyk>

On Thu, Dec 29, 2016 at 08:28:45PM +0100, Martin Rex wrote:
> Adam Langley wrote:
> > Since this defeats forward security, and is clearly something that
> > implementations of previous versions have done, this change
> > specifically calls it out as a MUST NOT. Implementations would then be
> > free to detect and reject violations of this.
> 
> While you may have good intentions, the idea "and reject violations of this"
> sounds like a bad idea to me.
> 
> Now what does it mean when a _client_ that happens to connect to one
> of these 14.4% Alexa top 1M sites that reuse ECDHE values, notices a
> reuse of ECDHE on a repeated full handshake (which will not happen
> immediately due to session caching & resumption).  This would result
> in random handshake failures (client aborting the TLS handshake).
> The server doesn't know why the client chokes, only the client can
> decide to retry, but this is unlikely to affect the server's approach
> to reusing the (EC)DHE value at all.
> 
> So the only thing this will cause is headaches to users and support
> folks.  It will *NOT* improve the security by one iota.

If we add an alert to be sent in this case, it would be possible for the
server to know why the clients were disconnecting and resolve the issue.

-- 
Scott Schmit
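The thread is about a client noticing that a server hands out the same ECDHE public value across repeated full handshakes, and whether it should abort on that or merely surface it. The following is an added example, not code from this thread or from any of its authors: a passive monitor that parses the ECDHE parameters of a TLS 1.2 ServerKeyExchange (curve_type, NamedCurve, ECPoint, per RFC 8422) and records, per host, which public values recur in later full handshakes. It reports reuse instead of failing the handshake, which is the observable that either side of the debate needs before deciding on an abort-or-alert policy. The hostnames, timestamps and "points" are constructed filler, not real curve points, and the monitor only understands the TLS 1.2 named_curve encoding (it assumes resumed sessions, which carry no ServerKeyExchange, never reach it).

```python
import hashlib
import struct
from collections import defaultdict

# --- Constructed sample data: fake "uncompressed" 65-byte points, NOT real curve points.
POINT_A = b"\x04" + b"\xaa" * 64
POINT_B = b"\x04" + b"\xbb" * 64
POINT_C = b"\x04" + b"\xcc" * 64
SECP256R1 = 23  # NamedCurve code point for secp256r1 (RFC 8422)


def build_ske(named_curve: int, point: bytes) -> bytes:
    """Build the ECDHE part of a TLS 1.2 ServerKeyExchange body:
    curve_type=named_curve(3) | NamedCurve(2 bytes) | ECPoint length(1) | point."""
    return struct.pack("!BHB", 3, named_curve, len(point)) + point


def parse_ecdhe_params(body: bytes):
    """Parse ECParameters + ECPoint from the start of a ServerKeyExchange body.
    The signature that follows the point is ignored here."""
    if len(body) < 4:
        raise ValueError("truncated ECParameters")
    curve_type, named_curve, point_len = struct.unpack("!BHB", body[:4])
    if curve_type != 3:  # RFC 8422 permits only curve_type = named_curve
        raise ValueError(f"unsupported curve_type {curve_type}")
    point = body[4:4 + point_len]
    if len(point) != point_len:
        raise ValueError("truncated ECPoint")
    return named_curve, point


class EcdheReuseMonitor:
    """Remember the server's ECDHE public value from each full handshake, per host,
    and report values that come back in a later full handshake."""

    def __init__(self):
        # host -> point -> [named_curve, first_seen, last_seen, count]
        self._seen = defaultdict(dict)

    def observe(self, host: str, ts: int, ske_body: bytes) -> bool:
        """Record one full handshake; return True if this value was seen before."""
        named_curve, point = parse_ecdhe_params(ske_body)
        entry = self._seen[host].get(point)
        if entry is None:
            self._seen[host][point] = [named_curve, ts, ts, 1]
            return False
        entry[2] = ts
        entry[3] += 1
        return True

    def report(self):
        """Return {host: [(named_curve, point_fingerprint, first, last, count), ...]}
        listing only public values that were reused."""
        out = {}
        for host, points in self._seen.items():
            reused = [
                (curve, hashlib.sha256(point).hexdigest()[:16], first, last, count)
                for point, (curve, first, last, count) in points.items()
                if count > 1
            ]
            if reused:
                out[host] = reused
        return out


# Constructed observations: (host, timestamp, ServerKeyExchange ECDHE body).
SAMPLE_HANDSHAKES = [
    ("reuse.example", 100, build_ske(SECP256R1, POINT_A)),
    ("reuse.example", 160, build_ske(SECP256R1, POINT_A)),  # same value again
    ("reuse.example", 400, build_ske(SECP256R1, POINT_A)),
    ("fresh.example", 100, build_ske(SECP256R1, POINT_B)),
    ("fresh.example", 160, build_ske(SECP256R1, POINT_C)),
]


def analyze(handshakes):
    """Feed a sequence of full handshakes through the monitor and return its report."""
    monitor = EcdheReuseMonitor()
    for host, ts, body in handshakes:
        monitor.observe(host, ts, body)
    return monitor.report()


if __name__ == "__main__":
    for host, entries in analyze(SAMPLE_HANDSHAKES).items():
        for curve, fp, first, last, count in entries:
            print(f"{host}: curve {curve} value {fp} seen {count}x between t={first} and t={last}")
```

Because the monitor keys on the exact point bytes per host, a server that rotates its ephemeral key on every handshake never appears in the report, while one that holds a value for a long window shows up with the first and last time it was observed; that span is what a server operator would want to see in an alert rather than an unexplained client disconnect.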