Re: [TLS] 0.5 RTT

Hugo Krawczyk <hugo@ee.technion.ac.il> Wed, 24 February 2016 03:48 UTC

From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Tue, 23 Feb 2016 22:48:15 -0500
Message-ID: <CADi0yUNiDkw2Ynwe3AT0bsT3Lv4ZK2dy4Z1oEYTMC3gXz__J0w@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tkodeLK7o9b7Fb8JMvxlzmvSMOY>
Cc: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>, "tls@ietf.org" <tls@ietf.org>

I was trying to articulate what the analysis in OPTLS that does not
include the client's Finished message (or client authentication) means in
practical terms for 0.5-RTT data. I think that one way to put it is that
for the server it guarantees confidentiality against passive (only)
attackers and for the client it provides data authentication (proof of
origin and integrity).

Note that confidentiality against passive attackers is the same type of
assurance we provide to the encrypted server's identity. The same way a
server needs to "understand" that any active attacker can learn its
identity from a TLS handshake, it also needs to understand that 0.5 data is
open to any active attacker. Any expectations of 0.5 data being directed to
a specific client need to be eliminated.

Hugo


On Tue, Feb 23, 2016 at 5:52 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 23 February 2016 at 14:37, Hugo Krawczyk <hugo@ee.technion.ac.il>
> wrote:
> > It seems to imply that you are attaching some "client-specific semantics"
> > even to keys that were not authenticated by the client.
>
> It's primarily a privacy concern, though it's a pretty weak concern.
>