Re: [TLS] Consensus call for keys used in handshake and data messages
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Fri, 17 June 2016 17:08 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5823912D7E5 for <tls@ietfa.amsl.com>; Fri, 17 Jun 2016 10:08:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bd752NCIbhCU for <tls@ietfa.amsl.com>; Fri, 17 Jun 2016 10:08:05 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0604.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::604]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C23F12D7CB for <tls@ietf.org>; Fri, 17 Jun 2016 10:08:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com; s=selector1-rhul-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=YMCiEeXtoWt9W/cck8LoNDEgksSJ8AQMtDXU7RFYcqo=; b=M68Wf9alzoWCXQId2bEklvHJ2lT1kp3wXO7csBcq1kS3wRqEnmIpSRHJ0pqmn75GgH32q4vEgYIo47r8HDIspUUMuIvsIvW3AGVgMfAf+eo0y3LPzTHuKTqpommv1ol0Co/VHO1VWJ41E+R10etNvaEqnULv45jVr2uyKVUDit4=
Received: from AM4PR03MB1811.eurprd03.prod.outlook.com (10.167.88.147) by AM4PR03MB1810.eurprd03.prod.outlook.com (10.167.88.146) with Microsoft SMTP Server (TLS) id 15.1.517.8; Fri, 17 Jun 2016 17:04:41 +0000
Received: from AM4PR03MB1811.eurprd03.prod.outlook.com ([10.167.88.147]) by AM4PR03MB1811.eurprd03.prod.outlook.com ([10.167.88.147]) with mapi id 15.01.0517.014; Fri, 17 Jun 2016 17:04:41 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Yoav Nir <ynir.ietf@gmail.com>
Thread-Topic: [TLS] Consensus call for keys used in handshake and data messages
Thread-Index: AQHRyLpWJei848R7FkitH7EamdOzjw==
Date: Fri, 17 Jun 2016 17:04:41 +0000
Message-ID: <D389EC15.6EA58%kenny.paterson@rhul.ac.uk>
References: <CAOgPGoDRZdJN7DY10tDoEEidVkxeKabCcW_U3vQqaaH6x162gw@mail.gmail.com> <95ACB42E-A0FF-4E46-87E9-212DAF033F42@gmail.com> <20160614190144.GA9787@LK-Perkele-V2.elisa-laajakaista.fi>
In-Reply-To: <20160614190144.GA9787@LK-Perkele-V2.elisa-laajakaista.fi>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.4.160422
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [134.219.148.47]
x-ms-office365-filtering-correlation-id: ebcb9345-368c-4aa0-1d32-08d396d1797c
x-microsoft-exchange-diagnostics: 1; AM4PR03MB1810; 6:ENFlvLx3vi8hmGN8r61/ELDBR+NOeavSiROmZcxxuN7jCbybGQv96aB3oQoGvoVIn3bppkSt+ndBL200jmIQcohOzLZrQ15LUWcIjTOPMdRjvY9xGd9D4haaQ0hyrxRSvEUN/DW/eAEUkJu6BwXBr2LJdSLETS3rcMZxLvd0rz3PZtuhOX2h4F7tonhMMuU05cuUMUxZOGjqBGM96jYMwfM8mBpPiRhQGHe3yOWxbFShVBsNswiA8gbAxJy1E+l4t2+6XcQsK294aHEmAFFHSw0JbpHU7xq/3i/YMT9ij7s=; 5:YzgA/oBhyoZXNfj3LCAMQkoHneID1baj+3Vt2Bk+SA7T0yVo3TFLebwQOMcqLn6jGy2JmIpNa0QXsqp50S2EABYsLdbgkRmIOb9LsmlFsq5AKeT/S3qTpiTZoJYMSlEZDNaExafxAMU/36jSSczYJA==; 24:R21ckmRSb01JWwMPzA4N4byv7ycndglkvm9KRg75+Gd89xPrEux9b/MJ8ASQgtD1JYoy5ZeiF/hffRPAwzd0jXxnKUF1sTUty9hjmmlzpVk=; 7:qm+AxA0nDp7llyVW3Td+o8L81hckb52eaZDhBH3f1p3HZR3w4MtR2n/thnefFr/KYkPu1lqYUdqyQTeMNaSgFbXuDuuqwNX9/GEhmS2hp4MuxXczgMDJsLCpYE9cA6Al5hwDSxaU808ifwhr5esoePcN6ddBkBZULkL3u53AvQ/At6LMLvVLNDBKZa2rEJeOSZHGzi1JBnSicCn5DXxr0Q==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM4PR03MB1810;
x-microsoft-antispam-prvs: <AM4PR03MB18107205C03067785ED587D4BC570@AM4PR03MB1810.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:AM4PR03MB1810; BCL:0; PCL:0; RULEID:; SRVR:AM4PR03MB1810;
x-forefront-prvs: 09760A0505
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(189002)(24454002)(199003)(76176999)(50986999)(15650500001)(105586002)(5001770100001)(54356999)(10400500002)(5002640100001)(19580395003)(122556002)(97736004)(4001350100001)(19580405001)(101416001)(8936002)(2906002)(4326007)(81166006)(81156014)(7846002)(8676002)(77096005)(106116001)(2950100001)(87936001)(15975445007)(74482002)(2900100001)(106356001)(3846002)(11100500001)(102836003)(6116002)(3280700002)(3660700001)(5004730100002)(86362001)(66066001)(36756003)(83506001)(68736007)(189998001)(92566002)(586003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR03MB1810; H:AM4PR03MB1811.eurprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; CAT:NONE; LANG:en; CAT:NONE;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <D7A028F6CF0DDB4D8433A3861882FB83@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2016 17:04:41.8328 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR03MB1810
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/v0Yr1F3CSk9hKOv2Jw-uHqM0rII>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Consensus call for keys used in handshake and data messages
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2016 17:08:08 -0000
Hi Ilari, On 14/06/2016 20:01, "TLS on behalf of Ilari Liusvaara" <tls-bounces@ietf.org on behalf of ilariliusvaara@welho.com> wrote: >I too haven't seen an argument (or am I able to construct one >myself) on why using the same key causes more issues than >"more difficult for cryptographers" (without assumptions known >to be false or cause severe problems no matter what). > > >Such arguments could include e.g. crypto screw (no proof of >exploitability needed), implementability, narrowing works-vs- >correct gap, etc... > > >About every other issue I could come up with, it seems to be just >as bad with separate keys and public content types (except those >ones that are just worse with public content types of course). > Since no-one else replied: it's a detailed technical issue about constructing proofs of security. At a very high level, and at the risk of over-simplifying, the more "key separation" you have, the easier it is to get them to go through. Maybe someone else who is more into the details than me can chime in with the next-level explanation. Cheers Kenny > > >-Ilari > >_______________________________________________ >TLS mailing list >TLS@ietf.org >https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] Consensus call for keys used in handsha… Eric Rescorla
- Re: [TLS] Consensus call for keys used in handsha… Will Serumgard
- Re: [TLS] Consensus call for keys used in handsha… Björn Tackmann
- Re: [TLS] Consensus call for keys used in handsha… Subodh Iyengar
- Re: [TLS] Consensus call for keys used in handsha… Ilari Liusvaara
- Re: [TLS] Consensus call for keys used in handsha… Dave Garrett
- Re: [TLS] Consensus call for keys used in handsha… Colm MacCárthaigh
- Re: [TLS] Consensus call for keys used in handsha… Eric Rescorla
- Re: [TLS] Consensus call for keys used in handsha… Daniel Kahn Gillmor
- Re: [TLS] Consensus call for keys used in handsha… Hugo Krawczyk
- Re: [TLS] Consensus call for keys used in handsha… Martin Rex
- Re: [TLS] Consensus call for keys used in handsha… Paterson, Kenny
- Re: [TLS] Consensus call for keys used in handsha… Paterson, Kenny
- Re: [TLS] Consensus call for keys used in handsha… Ilari Liusvaara
- Re: [TLS] Consensus call for keys used in handsha… Daniel Kahn Gillmor
- Re: [TLS] Consensus call for keys used in handsha… Hubert Kario
- Re: [TLS] Consensus call for keys used in handsha… Dave Garrett
- Re: [TLS] Consensus call for keys used in handsha… Daniel Kahn Gillmor
- Re: [TLS] Consensus call for keys used in handsha… Nick Sullivan
- Re: [TLS] Consensus call for keys used in handsha… Dan Harkins
- Re: [TLS] Consensus call for keys used in handsha… Ilari Liusvaara
- Re: [TLS] Consensus call for keys used in handsha… Daniel Kahn Gillmor
- Re: [TLS] Consensus call for keys used in handsha… Yoav Nir
- Re: [TLS] Consensus call for keys used in handsha… Nikos Mavrogiannopoulos
- Re: [TLS] Consensus call for keys used in handsha… Benjamin Dowling
- Re: [TLS] Consensus call for keys used in handsha… Ilari Liusvaara
- Re: [TLS] Consensus call for keys used in handsha… Felix Günther
- Re: [TLS] Consensus call for keys used in handsha… Björn Tackmann
- Re: [TLS] Consensus call for keys used in handsha… Martin Thomson
- Re: [TLS] Consensus call for keys used in handsha… Yoav Nir
- Re: [TLS] Consensus call for keys used in handsha… Watson Ladd
- Re: [TLS] Consensus call for keys used in handsha… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Consensus call for keys used in handsha… Henrik Grubbström
- Re: [TLS] Consensus call for keys used in handsha… Hannes Mehnert
- Re: [TLS] Consensus call for keys used in handsha… Cas Cremers
- Re: [TLS] Consensus call for keys used in handsha… Eric Rescorla
- [TLS] Consensus call for keys used in handshake a… Joseph Salowey
- Re: [TLS] Consensus call for keys used in handsha… Andrei Popov
- Re: [TLS] Consensus call for keys used in handsha… Karthikeyan Bhargavan