[TLS] TLS 1.3 and existing drafts

Watson Ladd <watsonbladd@gmail.com> Fri, 28 March 2014 01:55 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id BCE431A0422 for <tls@ietfa.amsl.com>; Thu, 27 Mar 2014 18:55:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id HzvtWNKTq1I5 for <tls@ietfa.amsl.com>; Thu, 27 Mar 2014 18:55:53 -0700 (PDT)
Received: from mail-yk0-x22e.google.com (mail-yk0-x22e.google.com [IPv6:2607:f8b0:4002:c07::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 599E21A07B1 for <tls@ietf.org>; Thu, 27 Mar 2014 18:55:53 -0700 (PDT)
Received: by mail-yk0-f174.google.com with SMTP id 20so3170893yks.33 for <tls@ietf.org>; Thu, 27 Mar 2014 18:55:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=cP7RU6MfkcTJgMGpsVXwnXk3DLeNXdjOV86teFY2cfo=; b=slAhk9lJlC812XEK1jnAuntWN7SjtiavRyv6mdRIz9tfhu6C7aztRg2a+Qvy5XAyeJ ID7ZXv8HYDjxMCIp2U2dFpyrM5R6QZD47tNbdLjS2K1nTlI2N0ZxIrJcbx0hL9/6rWWo PNZwFeXOvxIj5cOY6kMwaWp7AMpyIhznptH2uGJWoH5Xu/MFbep75ZoWvgtrT+CDIFpI HAi4btD2C/UBOlt2WZWLWUMeGRHSSTlIYp37wdVdLpRSC7ZG6p8z8B4QAJGIxFaZ2jRW Dpx0VCIEx9a7Bt5Kv1MfiWUGFzw4uVY+SViHnPCKQ08P4W5I21iKqvMNpxOqlbsB2cjC 14gQ==
MIME-Version: 1.0
X-Received: by with SMTP id t67mr7080391yhp.86.1395971751217; Thu, 27 Mar 2014 18:55:51 -0700 (PDT)
Received: by with HTTP; Thu, 27 Mar 2014 18:55:51 -0700 (PDT)
Date: Thu, 27 Mar 2014 21:55:51 -0400
Message-ID: <CACsn0ckdJm=8i4D2SRfwL3kKdfdteCCHZaSQzNeebq-Xy1R9Ww@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/uPYLhOtlSpcODQavAw7VMY-ogjY
Subject: [TLS] TLS 1.3 and existing drafts
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Mar 2014 01:55:55 -0000

Dear all:

draft-bhargavan-tls-session-hash-00.txt will likely need to be either
adopted or obviated (by making the required behavior mandatory) in TLS
1.3: it fixes a real problem, which even eliminating renegotiation
doesn't solve. (If we fix the handshake for TLS 1.3, we still need to
indicate this in case of fallback)

The proposed shift to AEAD schemes only seems to leave behind
draft-ietf-tls-encrypt-then-mac-00, unless this is being defined ala
AES+GCM, which I don't think it is.

In both cases, having two separate fixes, one in TLS 1.2, and one in
TLS 1.3 seems like a terrible idea. These drafts have not yet become
RFCs, but if we want to avoid having TLS 1.3 as a new version on the
wire, we should probably avoid having two distinct solutions for the
same problem.

Watson Ladd