IETF Logo Mail Archive

Re: [TLS] Adoption call for draft-sy-tls-resumption-group

Erik Sy <sy@informatik.uni-hamburg.de> Tue, 16 April 2019 08:36 UTC

Return-Path: <sy@informatik.uni-hamburg.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1C7120361 for <tls@ietfa.amsl.com>; Tue, 16 Apr 2019 01:36:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NAGT5Xx7F6ST for <tls@ietfa.amsl.com>; Tue, 16 Apr 2019 01:35:57 -0700 (PDT)
Received: from mailhost.informatik.uni-hamburg.de (mailhost.informatik.uni-hamburg.de [134.100.9.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 422BC120354 for <tls@ietf.org>; Tue, 16 Apr 2019 01:35:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailhost.informatik.uni-hamburg.de (Postfix) with ESMTP id 5CAAAFBC; Tue, 16 Apr 2019 10:35:55 +0200 (CEST)
X-Virus-Scanned: amavisd-new at informatik.uni-hamburg.de
Received: from mailhost.informatik.uni-hamburg.de ([127.0.0.1]) by localhost (mailhost.informatik.uni-hamburg.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id mCwhHm85YziZ; Tue, 16 Apr 2019 10:35:54 +0200 (CEST)
Received: from svs26.informatik.uni-hamburg.de (svs26.informatik.uni-hamburg.de [134.100.15.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: sy) by mailhost.informatik.uni-hamburg.de (Postfix) with ESMTPSA id 8647EFBB; Tue, 16 Apr 2019 10:35:53 +0200 (CEST)
Reply-To: sy@informatik.uni-hamburg.de
To: Martin Thomson <mt@lowentropy.net>, tls@ietf.org
References: <4f21da8a-a30c-4255-9400-aab3a599fb9b@www.fastmail.com> <9ae5725b-c0a7-4602-bd0a-da04509db62a@www.fastmail.com>
From: Erik Sy <sy@informatik.uni-hamburg.de>
Openpgp: preference=signencrypt
Autocrypt: addr=sy@informatik.uni-hamburg.de; prefer-encrypt=mutual; keydata= mQENBFdYdRoBCADpTVcxZw2Z+3IEm8QgmYNdzKQdCPnDm3mvV+dskI2vNuhAM7eTHE62Ibl8 TD08JJ0Q5DbaHLZBYZR7dVc6Vw+p5Ns5YM5MpDH4rcJTm9FR/QgJ94dH0dOKwtq9gMhLdlhV N0v/OgDb7YdfNYzhthVc3MUxBEznspDaBsGXCASM98SvCaovrhDU05OyIIq6yaIZc6W1ad8z oLn3kZ1O0NkJFuS2H6W1Sg6+af2980SagRTEntr/U6y9wKrKMr0woPBkgYjjivW31yRpjbW0 FClGr/WamdETrJFMTnn6Zc4tELj4pI5T/3jsSCuJ+Mf0fxGIoznG1xW09E5KoT4RBQZ7ABEB AAG0JkVyaWsgU3kgPHN5QGluZm9ybWF0aWsudW5pLWhhbWJ1cmcuZGU+iQFBBBMBCgArAhsD BQkFo5qABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCV8aJfQIZAQAKCRB4ziXHIWIRJSVz B/wJ1qq82vLrjp+4GOUJf3w23FGK3gtK0THs7VVwtZD+xRGYOzoMG+my0TscPZI5drHnZJeK vYmx+bz0IvJSW9DgYib5kUKtz2qPmj0HR6qW7o5opbIMWmkZJO0ACUEI3pAX+j7O3nEApijT 6dg3XhkLdRBgKVHD6x7n8a0ZbYEta6Co0vmPSpIU8XL1B0MmC9fC/L85kH3MBU0bNA4QU0b+ I9ojylgLnqHhIL39mqpJ/cRfCkuzWeeyFvvD+EGMBVxVKVu7ULNk4sKvqutsoYV6GQ7pAx+O pCKQO87M8aeMF7ytpQ67WGscqCO6IWO5tqDXX3aV9MCswPsuwn+PGjAguQENBFdYdRoBCADQ HO0cmKfEv9y5WW6sXJdnn7PEknFyiI9HoCULGVJi4vWyqYoQBGAM8wWRAVstm8zhqIWTlKR2 EntH6JBQB9dkUtmvuVRBBXs9SSloZU4R7SDysuTmDo3derqbIcomtyTkbfxYI50EQayL8TgR sA6jj9OJzyeywX3c+Nr6G8a0kVvCB97I1qLO5RA1tTIxTiXJMbL+E3CurUIMAakxbuqfH3SV mtH+lmlvGzvUF9mI4a5xti1Jkl/k6p2Q5z3nLt6MgkC9n47BSvrzelIr526FzNTamFIVb4fT /QnC33IydbaVQZaOYD9wi9dHTRBaeAF5a+zY5MCUu17GV3jR36SVABEBAAGJASUEGAECAA8F AldYdRoCGwwFCQWjmoAACgkQeM4lxyFiESV1zwf+PwKloXwIb7450kQq/OukJ90o9jkfGMz1 uC84E/HoYaz8KBUJVmx07zYi0zopAn2Pvh+HtTB6NzoGoRvmvajVa3lWRVeytgtJp+YqdcJq mKa+c1MsrJD2iMr3jMLB70bWT+GA8Moe1Slw4+/c+BndlwnfA5B54PVHjnZtaJDVsyVO1dnj gPReP6YNOQP/AgGexfSqUMYI/ni1QKwMT8e806hc48zT2A1ZnBit5PkGjzvQU0Qoel6Cwj3R uzZJgC5iEdX6kxMEOB0mD6zSKzBg4FNn2r3kUQ24IhbTuMm6/aCv6YlObR8HHkqXcQF6/BTH jlkuqsjIxOXZXqe4DeUnhw==
Message-ID: <2e691b63-2108-2d25-4b2d-7c56ce79d583@informatik.uni-hamburg.de>
Date: Tue, 16 Apr 2019 10:35:52 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <9ae5725b-c0a7-4602-bd0a-da04509db62a@www.fastmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vOE7Mlcphxf4DWBngRgaU4ULCJ4>
Subject: Re: [TLS] Adoption call for draft-sy-tls-resumption-group
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 08:36:00 -0000

Hi Martin,

can you please explain, why you think this is not the right solution?

To start the discussion, I provide below some insights on why I ended up
with this solution.

Question 1: Shall the problem be solved by a cross-layer solution or by
a TLS-only approach?

Arguments for a TLS-only approach:
+ It is simpler to solve the problem within TLS
+ TLS resumptions across SNI values are available for every use case of TLS
+ So far, there does not exist a mechanism in another protocol which can
be directly used to indicate feasible session resumptions across SNI values

Arguments for a cross-layer solution:
+ Context information of other protocols such as HTTP and IP can be used
to fine-tune resumptions across SNI values

Question 2: Shall the TLS resumption group be defined as a separate list
provided by the server or cover the entire SAN list of the certificate?
Note, that it is a strict requirement that resumptions across SNI values
are only conducted if the involved SNI values are valid for the server
certificate presented during the initial connection establishment.

Arguments for a separate list:
+ Flexibility, to define the resumption group without some entries of
the SAN list

Arguments for defining the resumption group as the entire SAN list:
+ smaller overhead in terms of data traffic
+ Simpler and hopefully avoids new security errors that implementations
allow to conduct session resumptions to illegitimate SNI values

Finally, I ended up with a TLS-only approach using the entire SAN list a
resumption group. However, I do not claim that the provided lists of
arguments are complete and would like to encourage you to contribute to
this list.

Thanks,
Erik


On 4/13/19 06:10, Martin Thomson wrote:
> I like the basic idea, but I don't think that this is the right solution.  I realize that we can adopt and fix, but I my preference is to have a little more time to discuss solutions before we adopt anything.
>
> On Sat, Apr 13, 2019, at 09:35, Christopher Wood wrote:
>> At TLS@IETF104, there was interest in the room to adopt 
>> draft-sy-tls-resumption-group as a WG item. The draft can be found here:
>>
>>     https://datatracker.ietf.org/doc/draft-sy-tls-resumption-group/
>>
>> This email starts the call for adoption. It will run until April 26, 
>> 2019. Please indicate whether or not you would like to see this draft 
>> adopted.
>>
>> Thanks,
>> Chris, Joe, and Sean
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email