Re: [TLS] Issue 471: Relax requirement to invalidate sessions on fatal errors
Benjamin Kaduk <bkaduk@akamai.com> Tue, 24 May 2016 23:23 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6CFC12B04A for <tls@ietfa.amsl.com>; Tue, 24 May 2016 16:23:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.127
X-Spam-Level:
X-Spam-Status: No, score=-4.127 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ia6lskbH2rWA for <tls@ietfa.amsl.com>; Tue, 24 May 2016 16:23:11 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [23.79.238.175]) by ietfa.amsl.com (Postfix) with ESMTP id 9AE1A12D5C5 for <tls@ietf.org>; Tue, 24 May 2016 16:23:10 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id CBBB143342C; Tue, 24 May 2016 23:23:04 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id AA238433404; Tue, 24 May 2016 23:23:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1464132184; bh=/SQJgj5q4V5dlm5BWG70bYztQ4+wdD+4HCkBoVBBG8A=; l=2404; h=To:References:From:Date:In-Reply-To:From; b=FmyzFYzOGMBwCBSDc/AfXhB86E8lRVlUN52moqfnPL2cxbW7dS104eFPZgghjE+vJ GF0FYUqlraVa5Qlz0ooukrQSZQLnzm6mQbQE4tLY82X9beId/lQL2R9Oi6rpwuk9Zb jPSc1XjQqzS3EgMkPThU6zGFtn8lPS28IcSrgUyg=
Received: from [172.19.0.25] (bos-lpczi.kendall.corp.akamai.com [172.19.0.25]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id 1B4E71FC99; Tue, 24 May 2016 23:23:04 +0000 (GMT)
To: Yaron Sheffer <yaronf.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
References: <CABcZeBPmtcxks_8E3r6pN-NE+VL+FWU97DJVBwduHJQiVCXkPQ@mail.gmail.com> <57417AFC.7030702@gmail.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <5744E257.2020609@akamai.com>
Date: Tue, 24 May 2016 18:23:03 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <57417AFC.7030702@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tt_Pkl1UZddT-dkkAsdaT93539A>
Subject: Re: [TLS] Issue 471: Relax requirement to invalidate sessions on fatal errors
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2016 23:23:13 -0000
Version -13 includes neither the word "stateful" nor "stateless", so if Yaron's proposal is taken, it would be better to explicitly refer to session tickets or ID-based resumption (with appropriate citations). That said, I'm not sure I see the need for a normative requirement on the server; we could note that the previous version required session invalidation and clients should not expect to be able to reuse sessions in this state, and leave it at that. (Or do that and drop to a MAY be invalidated.) -Ben On 05/22/2016 04:25 AM, Yaron Sheffer wrote: > This still makes the *stateful* implementation much more deterministic > and those implementations are common enough. So how about: > > Alert messages with a level of fatal result in the immediate > termination of the connection. In this case, other connections > corresponding to the session may continue, but the session identifier > MUST be invalidated, preventing the failed session from being used to > establish new connections. This requirement does not apply when the > server's implementation of session resumption is stateless. > > Thanks, > Yaron > > On 22/05/16 01:11, Eric Rescorla wrote: >> https://github.com/tlswg/tls13-spec/issues/471 >> >> >> http://tlswg.github.io/tls13-spec/#alert-protocol says: >> >> "Alert messages with a level of fatal result in the immediate >> termination of the connection. In this case, other connections >> corresponding to the session may continue, but the session identifier >> MUST be invalidated, preventing the failed session from being used to >> establish new connections." >> >> However, this is not consistent with a stateless implementation of >> session tickets. >> RFC5077 is a bit handwavy on this but implies that you shouldn't do this >> with tickets >> (see also [SBR04] for discussion of this). I propose we remove this >> requirement >> >> >> -Ekr >> >> >> [SBR04] Shacham, H., Boneh, D., and E. Rescorla, "Client-side >> caching for TLS", Transactions on Information and System >> Security (TISSEC) , Volume 7, Issue 4, November 2004. >> >> >> >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] Issue 471: Relax requirement to invalidate … Eric Rescorla
- Re: [TLS] Issue 471: Relax requirement to invalid… Yaron Sheffer
- Re: [TLS] Issue 471: Relax requirement to invalid… Benjamin Kaduk