Re: [TLS] Consensus call for keys used in handshake and data messages

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Fri, 17 June 2016 17:08 UTC

Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5823912D7E5 for <tls@ietfa.amsl.com>; Fri, 17 Jun 2016 10:08:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bd752NCIbhCU for <tls@ietfa.amsl.com>; Fri, 17 Jun 2016 10:08:05 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0604.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::604]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C23F12D7CB for <tls@ietf.org>; Fri, 17 Jun 2016 10:08:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com; s=selector1-rhul-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=YMCiEeXtoWt9W/cck8LoNDEgksSJ8AQMtDXU7RFYcqo=; b=M68Wf9alzoWCXQId2bEklvHJ2lT1kp3wXO7csBcq1kS3wRqEnmIpSRHJ0pqmn75GgH32q4vEgYIo47r8HDIspUUMuIvsIvW3AGVgMfAf+eo0y3LPzTHuKTqpommv1ol0Co/VHO1VWJ41E+R10etNvaEqnULv45jVr2uyKVUDit4=
Received: from AM4PR03MB1811.eurprd03.prod.outlook.com (10.167.88.147) by AM4PR03MB1810.eurprd03.prod.outlook.com (10.167.88.146) with Microsoft SMTP Server (TLS) id 15.1.517.8; Fri, 17 Jun 2016 17:04:41 +0000
Received: from AM4PR03MB1811.eurprd03.prod.outlook.com ([10.167.88.147]) by AM4PR03MB1811.eurprd03.prod.outlook.com ([10.167.88.147]) with mapi id 15.01.0517.014; Fri, 17 Jun 2016 17:04:41 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Yoav Nir <ynir.ietf@gmail.com>
Thread-Topic: [TLS] Consensus call for keys used in handshake and data messages
Thread-Index: AQHRyLpWJei848R7FkitH7EamdOzjw==
Date: Fri, 17 Jun 2016 17:04:41 +0000
Message-ID: <D389EC15.6EA58%kenny.paterson@rhul.ac.uk>
References: <CAOgPGoDRZdJN7DY10tDoEEidVkxeKabCcW_U3vQqaaH6x162gw@mail.gmail.com> <95ACB42E-A0FF-4E46-87E9-212DAF033F42@gmail.com> <20160614190144.GA9787@LK-Perkele-V2.elisa-laajakaista.fi>
In-Reply-To: <20160614190144.GA9787@LK-Perkele-V2.elisa-laajakaista.fi>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.4.160422
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [134.219.148.47]
x-ms-office365-filtering-correlation-id: ebcb9345-368c-4aa0-1d32-08d396d1797c
x-microsoft-exchange-diagnostics: 1; AM4PR03MB1810; 6:ENFlvLx3vi8hmGN8r61/ELDBR+NOeavSiROmZcxxuN7jCbybGQv96aB3oQoGvoVIn3bppkSt+ndBL200jmIQcohOzLZrQ15LUWcIjTOPMdRjvY9xGd9D4haaQ0hyrxRSvEUN/DW/eAEUkJu6BwXBr2LJdSLETS3rcMZxLvd0rz3PZtuhOX2h4F7tonhMMuU05cuUMUxZOGjqBGM96jYMwfM8mBpPiRhQGHe3yOWxbFShVBsNswiA8gbAxJy1E+l4t2+6XcQsK294aHEmAFFHSw0JbpHU7xq/3i/YMT9ij7s=; 5:YzgA/oBhyoZXNfj3LCAMQkoHneID1baj+3Vt2Bk+SA7T0yVo3TFLebwQOMcqLn6jGy2JmIpNa0QXsqp50S2EABYsLdbgkRmIOb9LsmlFsq5AKeT/S3qTpiTZoJYMSlEZDNaExafxAMU/36jSSczYJA==; 24:R21ckmRSb01JWwMPzA4N4byv7ycndglkvm9KRg75+Gd89xPrEux9b/MJ8ASQgtD1JYoy5ZeiF/hffRPAwzd0jXxnKUF1sTUty9hjmmlzpVk=; 7:qm+AxA0nDp7llyVW3Td+o8L81hckb52eaZDhBH3f1p3HZR3w4MtR2n/thnefFr/KYkPu1lqYUdqyQTeMNaSgFbXuDuuqwNX9/GEhmS2hp4MuxXczgMDJsLCpYE9cA6Al5hwDSxaU808ifwhr5esoePcN6ddBkBZULkL3u53AvQ/At6LMLvVLNDBKZa2rEJeOSZHGzi1JBnSicCn5DXxr0Q==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM4PR03MB1810;
x-microsoft-antispam-prvs: <AM4PR03MB18107205C03067785ED587D4BC570@AM4PR03MB1810.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:AM4PR03MB1810; BCL:0; PCL:0; RULEID:; SRVR:AM4PR03MB1810;
x-forefront-prvs: 09760A0505
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(189002)(24454002)(199003)(76176999)(50986999)(15650500001)(105586002)(5001770100001)(54356999)(10400500002)(5002640100001)(19580395003)(122556002)(97736004)(4001350100001)(19580405001)(101416001)(8936002)(2906002)(4326007)(81166006)(81156014)(7846002)(8676002)(77096005)(106116001)(2950100001)(87936001)(15975445007)(74482002)(2900100001)(106356001)(3846002)(11100500001)(102836003)(6116002)(3280700002)(3660700001)(5004730100002)(86362001)(66066001)(36756003)(83506001)(68736007)(189998001)(92566002)(586003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR03MB1810; H:AM4PR03MB1811.eurprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; CAT:NONE; LANG:en; CAT:NONE;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <D7A028F6CF0DDB4D8433A3861882FB83@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2016 17:04:41.8328 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR03MB1810
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/v0Yr1F3CSk9hKOv2Jw-uHqM0rII>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Consensus call for keys used in handshake and data messages
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2016 17:08:08 -0000

Hi Ilari,

On 14/06/2016 20:01, "TLS on behalf of Ilari Liusvaara"
<tls-bounces@ietf.org on behalf of ilariliusvaara@welho.com> wrote:

>I too haven't seen an argument (or am I able to construct one
>myself) on why using the same key causes more issues than
>"more difficult for cryptographers" (without assumptions known
>to be false or cause severe problems no matter what).
>
>
>Such arguments could include e.g. crypto screw (no proof of
>exploitability needed), implementability, narrowing works-vs-
>correct gap, etc...
>
>
>About every other issue I could come up with, it seems to be just
>as bad with separate keys and public content types (except those
>ones that are just worse with public content types of course).
>

Since no-one else replied: it's a detailed technical issue about
constructing proofs of security. At a very high level, and at the risk of
over-simplifying, the more "key separation" you have, the easier it is to
get them to go through.

Maybe someone else who is more into the details than me can chime in with
the next-level explanation.

Cheers

Kenny 

>
>
>-Ilari
>
>_______________________________________________
>TLS mailing list
>TLS@ietf.org
>https://www.ietf.org/mailman/listinfo/tls