Re: [TLS] 0.5 RTT
Martin Thomson <martin.thomson@gmail.com> Tue, 23 February 2016 22:08 UTC
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tqLFDuUja-sQD9AUmhQEli43mrA>
Cc: "tls@ietf.org" <tls@ietf.org>
On 23 February 2016 at 14:01, Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> wrote:
> The main downgrade concern, I think, is for the 0.5-RTT data’s confidentiality; i.e. it may have been sent encrypted under a broken cipher.

Hmm, that's a good point. So Antoine's analogy is closer to correct than I had thought, and the need for Finished remains.

There's an argument that says that 0.5RTT data isn't confidential because the server would send it to anyone, but I don't agree with that viewpoint. And we're potentially also handling 0-RTT data before sending 0.5 data.

Like I said on the weekend, we don't have to solve every problem. None of the cipher suites in TLS 1.3 would fail to qualify as broken currently, but if they did, then logic similar to what we recommend for false start seems reasonable to me. Other than that, we can simply document the shortcoming.

I don't think that any of this justifies a stronger response than that, and that includes extra key updates.
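
A simplified model of the concern raised in this message, added here as an illustration and not code from the thread or from any TLS implementation: the server's 0.5-RTT data leaves before the client's Finished is checked, so a downgrade is detected only after the data was sent, unless sending is gated on the negotiated suite in the way false start is. The suite name `TLS_EXAMPLE_BROKEN`, the function names, and the fixed demo key standing in for the derived Finished key are assumptions.

```python
import hashlib
import hmac

# Constructed names: the two real TLS 1.3 suites plus one hypothetical broken suite.
STRONG = {"TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"}
BROKEN = "TLS_EXAMPLE_BROKEN"  # hypothetical, not a real suite
SERVER_PREFS = ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", BROKEN]
DEMO_KEY = b"constructed-demo-finished-key"  # stands in for the derived Finished key


def finished_mac(offered, chosen):
    """Toy Finished: a MAC over the offer and the selected suite."""
    transcript = (",".join(offered) + "|" + chosen).encode()
    return hmac.new(DEMO_KEY, transcript, hashlib.sha256).digest()


def strip_strong(offer):
    """Models a downgrade: strong suites removed from the offer in transit."""
    return [s for s in offer if s not in STRONG]


def handshake(client_offer, in_transit=lambda o: o, gate_on_suite=False):
    """Run one modelled handshake and report what happened to 0.5-RTT data."""
    received = in_transit(list(client_offer))
    chosen = next(s for s in SERVER_PREFS if s in received)
    # False-start-style rule: send before the client's Finished only if strong.
    sent_early = chosen in STRONG or not gate_on_suite
    # The client MACs what it really offered; the server checks against what it saw.
    finished_ok = hmac.compare_digest(
        finished_mac(client_offer, chosen), finished_mac(received, chosen))
    return {
        "suite": chosen,
        "sent_early": sent_early,
        "finished_ok": finished_ok,
        "early_data_under_broken_suite": sent_early and chosen not in STRONG,
    }


if __name__ == "__main__":
    offer = list(SERVER_PREFS)
    for label, kwargs in [
        ("honest", {}),
        ("downgraded, no gate", {"in_transit": strip_strong}),
        ("downgraded, gated", {"in_transit": strip_strong, "gate_on_suite": True}),
    ]:
        print(label, handshake(offer, **kwargs))
```

In the ungated downgraded run the Finished check fails, but only after the 0.5-RTT data has already been sent under the broken suite; with the gate, the data is held back and the failed Finished ends the handshake first.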