Re: [TLS] draft-dkg-tls-reject-static-dh
Töma Gavrichenkov <ximaera@gmail.com> Sat, 08 December 2018 16:49 UTC
Return-Path: <ximaera@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC2E9130E3B for <tls@ietfa.amsl.com>; Sat, 8 Dec 2018 08:49:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id slVQ1FLKN0tR for <tls@ietfa.amsl.com>; Sat, 8 Dec 2018 08:49:26 -0800 (PST)
Received: from mail-yb1-xb34.google.com (mail-yb1-xb34.google.com [IPv6:2607:f8b0:4864:20::b34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF793130DE8 for <tls@ietf.org>; Sat, 8 Dec 2018 08:49:26 -0800 (PST)
Received: by mail-yb1-xb34.google.com with SMTP id f9so54712ybm.13 for <tls@ietf.org>; Sat, 08 Dec 2018 08:49:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=trYe0eAPk5mi18jwA26uFPawKF1SAoi0qJlU2TuaNOI=; b=kf31EG98CxgcYW9bh1HKUx3PhdHP6+x+RyjtolNmG2VDu5uPGaRkUd947ZoSw/QyvB +jYvazswv9nakXRW9FKorjGNWdt0vaj3IEObdoVNt2JJacxeGE7Gn/aPHa2gCksDcEUP pMYp56aCCrhP8Lx6lNFsjg1REHUWq1vjjWUsARgqV+8WzIL9dU3JWJJmd46kHJ91chri kBrSC5LKko+X8lzms9eUDyA5vjViqWyub7Nk+L9OBhbvb2cuqZdex4AYz14v7BabN3I+ GtoYJH8dUjWOpItzkmHPYwijl6WX73kfS7ESAU6G1pjaFn5uxOOhmdarIiAovph+y0JM mFGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=trYe0eAPk5mi18jwA26uFPawKF1SAoi0qJlU2TuaNOI=; b=ru0pDPlbRu4zA7eaMEWGm0gKPqkXP2H20j7xzo3JRo23KNIe7icKzq79rAXxc66naY r/vNIwZ2vaFw2XqOjwf9ABhhI/LyWANp5mQE9DOOE8974fw9/+m4SmRXCHPGOE3zavtM /Us42RAStCYgvw7gewQ6ptSH0kvwNwpG1QO3c5nHcCfS2+C3dAejFK0XmFSOMOSblI9+ I5RnIZoDJB5nKFnx/xvwb8ZKOwMlpkMWcti8PTG4avYOIZpBo/iHOeJrmONoy9/k9cPO 13ztlpEI3CK1I4gXfbE9pccsLon2ao6dT0YAmPigaKYV0ClybBQhYCBtThkRn/jXLjSS 3fYw==
X-Gm-Message-State: AA+aEWbOSy5FWg5glf5sJZrQtq0wrrCz3WAeRefa/kycVz6EX87O2Fqq kY+0x3lVuA4Y3SaLrwebENDdvPiU6Nkj2Ipa/Yzd/MyA
X-Google-Smtp-Source: AFSGD/XjbCxFY+9lSKCLkiwhB/ZEVrc6MAX1L67Bpcvfg4+ig3TQFXICG3g0BhOGXv0ntIrjGs7ozrhRnO0Ic8Rub4c=
X-Received: by 2002:a5b:d06:: with SMTP id y6-v6mr6247754ybp.147.1544287765770; Sat, 08 Dec 2018 08:49:25 -0800 (PST)
MIME-Version: 1.0
References: <9a9be8fb-9667-0c6a-9fac-cc167f94599f@cs.tcd.ie> <1677fd00312.126588f7d311133.5876875696654149093@nerd.ninja> <9D8FEAB5-B06F-42B8-9C3C-B3E8CC4BAEF9@dukhovni.org> <1677fe8d22f.1122a5066314965.3351079353052065811@nerd.ninja>
In-Reply-To: <1677fe8d22f.1122a5066314965.3351079353052065811@nerd.ninja>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Sat, 08 Dec 2018 19:49:14 +0300
Message-ID: <CALZ3u+b3dej3RDqNbk4grXFbrhYrhU4NwQkCbgMQavfEsKM_Kg@mail.gmail.com>
To: r@nerd.ninja
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/v_CqCy0UOfl_7_bsDaDThuB8Qfw>
Subject: Re: [TLS] draft-dkg-tls-reject-static-dh
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Dec 2018 16:49:29 -0000
On Wed, Dec 5, 2018 at 10:47 PM R duToit <r@nerd.ninja> wrote: > 2. The DoS (prevention) engineers should also weigh in on this. Would servers not start reusing TLS 1.3 keyshare values when under DoS attack? DDoS (mitigation) engineer here, I'll reiterate the idea I've raised before in quic-wg. The operation of a server (or a client, because a client could be attacked too) under a DDoS attack should be as close to a normal way of operation as possible. Every single case where it's different should be seen as opening a motivation for an attacker to hunt exactly for that difference. E.g. if you add RTTs under an attack, then an attacker can play with jitter, or make your server appear slower for clients than their server (assuming the attack is ordered by your market competition). (This is by the way the reason why fast open wasn't a nice idea from the DDoS mitigation perspective) So no. TLS keyshare reuse is visible from the attacker's point of view, so must not be done under a DDoS attack. | Töma Gavrichenkov | gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191 | mailto: ximaera@gmail.com | fb: ximaera | telegram: xima_era | skype: xima_era | tel. no: +7 916 515 49 58
- [TLS] draft-dkg-tls-reject-static-dh Stephen Farrell
- Re: [TLS] draft-dkg-tls-reject-static-dh R duToit
- Re: [TLS] draft-dkg-tls-reject-static-dh Viktor Dukhovni
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh R duToit
- Re: [TLS] draft-dkg-tls-reject-static-dh Daniel Kahn Gillmor
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann
- Re: [TLS] draft-dkg-tls-reject-static-dh Nico Williams
- Re: [TLS] draft-dkg-tls-reject-static-dh Daniel Kahn Gillmor
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann
- Re: [TLS] draft-dkg-tls-reject-static-dh Tony Arcieri
- Re: [TLS] draft-dkg-tls-reject-static-dh Töma Gavrichenkov
- Re: [TLS] draft-dkg-tls-reject-static-dh Peter Gutmann