Re: [TLS] Doing without renegotiation

Henrick Hellström <henrick@streamsec.se> Thu, 17 April 2014 05:44 UTC

From: Henrick Hellström <henrick@streamsec.se>
To: tls@ietf.org
Date: Thu, 17 Apr 2014 07:43:34 +0200
Message-ID: <534F6A06.6090508@streamsec.se>
In-Reply-To: <20140417035011.GA25499@localhost>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/vdJEGPdx_wFpykyPiQpyA4dtfhY

On 2014-04-17 05:50, Nico Williams wrote:
> My proposals:
>
>   - For rekeying just introduce a CCS-like record whose purpose is to
>     indicate that the sender is changing to new keys on the send side.
>     The new keys are derived from the same master secret as the preceding
>     keys, in the same way, but with a counter appended to the "key
>     expansion" salt.
>
>     There's no need to synchronize, but DTLS requires retransmission of
>     such messages else when dropped the recipient will not be able to
>     decrypt any subsequent messages.

This might be an option if the purpose of the renegotiation is just to reduce the risk of state collisions in the bulk encryption cipher, but it is no replacement for renegotiation of DHE/ECDHE sessions in order to refresh the perfect forward secrecy.
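The key point of this exchange can be made concrete with a small model of the proposed rekey. The code below is an added example, not code from either poster or from any TLS implementation. It implements the TLS 1.2 PRF (P_SHA256, RFC 5246 section 5) from the standard library and derives a key block the way RFC 5246 section 6.3 does; for the rekey it follows the quoted proposal and appends a counter to the "key expansion" seed. The 2-byte big-endian encoding of the counter and the AES-128-GCM key-block layout (two 16-byte keys, two 4-byte implicit IVs) are assumptions for the example. The `attacker_replays_all_epochs` function shows why the reply is right: every rekeyed epoch is a pure function of the original master secret, so whoever obtains that secret later recovers every epoch's keys, which a fresh (EC)DHE handshake would not allow. `receiver_missed_rekey` models the DTLS caveat in the quoted text: a receiver whose epoch counter lags the sender's derives different keys.

```python
import hmac
import hashlib
import os

# Assumed key-block layout for AES-128-GCM: two 16-byte write keys and two 4-byte implicit IVs.
KEY_BLOCK_LEN = 2 * 16 + 2 * 4


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion function (RFC 5246 section 5)."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def key_block(master_secret: bytes, server_random: bytes, client_random: bytes, epoch: int = 0) -> bytes:
    """Derive the key block for a given epoch.

    epoch 0 is the ordinary RFC 5246 derivation. epoch >= 1 models the quoted
    proposal: same master secret, same label, but a counter appended to the
    seed. The 2-byte big-endian counter encoding is an assumption of this example.
    """
    seed = server_random + client_random
    if epoch > 0:
        seed += epoch.to_bytes(2, "big")
    return prf(master_secret, b"key expansion", seed, KEY_BLOCK_LEN)


def split_key_block(kb: bytes) -> dict:
    """Partition the key block in RFC 5246 section 6.3 order (assumed AES-128-GCM sizes)."""
    return {
        "client_write_key": kb[0:16],
        "server_write_key": kb[16:32],
        "client_write_IV": kb[32:36],
        "server_write_IV": kb[36:40],
    }


def attacker_replays_all_epochs(master_secret: bytes, server_random: bytes,
                                client_random: bytes, epochs: int) -> bool:
    """Model a later compromise of the master secret.

    Returns True if someone holding only the master secret and the handshake
    randoms (both of which are long-lived session state) can reproduce the
    write keys of every rekey epoch, i.e. the rekey added no forward secrecy.
    """
    honest = [split_key_block(key_block(master_secret, server_random, client_random, e))
              for e in range(epochs)]
    # The attacker runs exactly the same public derivation over the recovered secret.
    recovered = [split_key_block(key_block(master_secret, server_random, client_random, e))
                 for e in range(epochs)]
    return honest == recovered


def receiver_missed_rekey(master_secret: bytes, server_random: bytes, client_random: bytes,
                          sender_epoch: int, receiver_epoch: int) -> bool:
    """Model the DTLS caveat: the sender advanced to sender_epoch but the
    CCS-like rekey record was dropped, so the receiver still sits at
    receiver_epoch. Returns True if their keys differ (records will not decrypt)."""
    return key_block(master_secret, server_random, client_random, sender_epoch) != \
        key_block(master_secret, server_random, client_random, receiver_epoch)


def fresh_handshake_breaks_link(server_random: bytes, client_random: bytes) -> bool:
    """Contrast: a renegotiated DHE/ECDHE handshake yields an unrelated master
    secret, so old and new key blocks share no derivable relationship.
    The two master secrets here are constructed at random to stand in for
    the outputs of two independent key exchanges."""
    ms_old = os.urandom(48)
    ms_new = os.urandom(48)
    return key_block(ms_old, server_random, client_random) != key_block(ms_new, server_random, client_random)


if __name__ == "__main__":
    # Constructed sample values; real ones come from the handshake.
    ms = bytes(range(48))
    sr = b"\x11" * 32
    cr = b"\x22" * 32
    for e in range(3):
        print(e, split_key_block(key_block(ms, sr, cr, e))["client_write_key"].hex())
    print("rekey gives forward secrecy:", not attacker_replays_all_epochs(ms, sr, cr, 3))
    print("lost rekey record desynchronises DTLS peer:", receiver_missed_rekey(ms, sr, cr, 2, 1))
```

Run it and the epoch keys differ from one another, yet the "attacker" reproduces all of them from the master secret alone; only the branch that replaces the master secret (the fresh handshake) severs the link between old and new keys.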