[TLS] Frequent ephemeral Diffie-Hellman in long-term (D)TLS 1.3 connections replacing IPsec
John Mattsson <john.mattsson@ericsson.com> Fri, 29 January 2021 15:52 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E94AE3A1173 for <tls@ietfa.amsl.com>; Fri, 29 Jan 2021 07:52:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.351
X-Spam-Level:
X-Spam-Status: No, score=-2.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6_uKL_bpWe1M for <tls@ietfa.amsl.com>; Fri, 29 Jan 2021 07:52:04 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20050.outbound.protection.outlook.com [40.107.2.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B2A23A115C for <TLS@ietf.org>; Fri, 29 Jan 2021 07:52:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TZeoWqmD20PAmQKyL3+K9xbcPVUJlvC4B21nSy+ybin4qVltnpLBOWtt9qOZFmjJTdGJLrLrYIVIflZKg/wWD72uGk3Fukvg9J4r0gAuNp9J2wK3z5JkSjBcpm21vJzVeZVdspe3/FfrBU7o+m5cZvMt97xLxbyGVufLzmYYc6hagg3ChuoRu6pVjk26aVMxAfoKEoIXse0A+BZeap9i/0F0aJOsLp58oJ3/Z7EM4Y/QbQ+mbY72IVnYgJiI8KyP46prVLosv+hwvY8wMmUg0DaxXBX3VfxQctGXVWq5t5Smwbp2UwG9nUHjXbC4+HS7zI2Tkbn9YAMnMg0EZGnNEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pMt006Gtn3ufPmx/CgkpZ36U7BINyoohoZEyAg9ljHY=; b=gJRWnCX3MmnIe9mBBVpwFuNyoZkJ+L3IPJZQeuN2YFeDzv30XXyPzy3hOnearDosLUpvPCWNzVeQmiCAIhY757IlE9VhnWRakr84qoYk6kM94lqq1RgnhZpY/wa2+8lG9mktbw9ynb+A8ZONJKS8glgvE0Ar9h2HW4Jvtiet/vu5HhzD6BucmSoaqXfMSG5Z/4TPHbpb3LIpeyAotG6mG15TIYcyzvwPFjGcN2WD/EUzJOYKb7uoyVd+Jc6kqNwhGeZsMT0BvuqMYaIgrzjgzUfHRvWgHyQNF5tdlIc+iDL4fmsK/ZWFDnchPS/+VSrKLUOX0RlnKXGtv79GSDbP0A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pMt006Gtn3ufPmx/CgkpZ36U7BINyoohoZEyAg9ljHY=; b=MNW4AM0kh+by2e7ngO6LZTW9/OS0NMRm9M4cV8sI69TRNzbtBeEDuIS6+2IRxZqnenh+6AMoriPwBqGMMNXA5e3KpfbS5OtCINsCGSkUPkijvoopBp8DMwsxTZWM7ng+dq3koo8XulPbZMbwX2aQXxXTdW+rAENO/IeIhH91P8k=
Received: from (2603:10a6:3:4b::8) by HE1PR0701MB2826.eurprd07.prod.outlook.com (2603:10a6:3:4a::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3805.5; Fri, 29 Jan 2021 15:51:58 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c555:6e47:970c:1268]) by HE1PR0701MB3050.eurprd07.prod.outlook.com ([fe80::c555:6e47:970c:1268%11]) with mapi id 15.20.3805.017; Fri, 29 Jan 2021 15:51:58 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: "TLS@ietf.org" <TLS@ietf.org>
Thread-Topic: Frequent ephemeral Diffie-Hellman in long-term (D)TLS 1.3 connections replacing IPsec
Thread-Index: AQHW9latXxWCVa9XoUWGPfn8TWupiQ==
Date: Fri, 29 Jan 2021 15:51:58 +0000
Message-ID: <B6D23BB0-0E53-40FA-ADCB-CF9D0C402020@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.44.20121301
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [81.225.97.222]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 71b12df5-084f-4e5f-3cfc-08d8c46dcfb4
x-ms-traffictypediagnostic: HE1PR0701MB2826:
x-microsoft-antispam-prvs: <HE1PR0701MB2826E863CCF3DED67377075B89B99@HE1PR0701MB2826.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: cDjlYVk+A75hsHUhwJ5+8MyYdgZs7WD07EP76wiVIDTwJKRVnS0VV5wR8yfIAYP6OQZApj/wIB6UYTyCgwAniT9HsV5l8IlcMRMnHIW88VyyImEAZ1hgbutOjppa2FkSwfqcAU9hO4BJo6axSQ9qQanpPXgZNeX3DyD3FClgWlRYGRTQ4n1cnTPZP6DvA8HPXzvNiHo2lMYAb9Z1Dq+hm/BYcZp4g79Ic8hTXlpCjtefa8S4MJucrQpjUtln409LaXNr4SB+yFcQc3EHMClA7eQP6AedjaglMGEd9rr/PNuIcLGWg23l8ebOi6L+hyx1ifBnMSek0eXcWqN93PBbfe2bHONcGgAlqeFmEu1CYIqmtPKvVd3U1X/9ACB/nJ8WVlTdl44D0Jxz8LeWBVMajmgUkAAWlme17nlvOMQLQHZiJxoGP7IQ+iGohh5hc8TjeRuHPzpyXnH3Iddp3RIhcvv85eVphLdcBxUPDXh5G3MkJ2fVeNZqMEy5NYhXs9wSH0lJ7eG0mnoNdHSWyvCDo1r/U9BcGg5bezl2b1XzfUqYJ3Bwc6+g4I2k0ahqFrojxwR/6Hlp0boXlyve2gd19w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(346002)(39860400002)(366004)(376002)(26005)(83380400001)(76116006)(66446008)(44832011)(86362001)(478600001)(316002)(6512007)(66556008)(66946007)(8676002)(5660300002)(66476007)(64756008)(33656002)(8936002)(2616005)(6506007)(2906002)(186003)(71200400001)(36756003)(6486002)(6916009)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 77x2qujDrvRcffjYNPHFLQ+OkshTbX+HmXNYLS9C1EmuASR9QOcdCZ4S9/q96+9A5/HVG5bK+JSlBjiIGuyRdDOVYSLtqAWKZkJVFdhYiz39i+W1SKFAJPUIsPeJAN6j/71/dd4iVCrGWFXzuhD/xbsY67xBJfHnnu+ldEUaXMjoOdoxZ1VJ8HM4If6PEW+uG6wU3kKGQO2NhaGLnYeJkuUm0QdmJMHE5gooeQ7U6ZJ61Tk7iRomCgLm3nz7V8BohLvAZLKrmDp0CjMRAjWfMQQ8ch8jfTxf6IvMCENjuCXNChQsKNDyPnTR/bPkhQH+xMvHeyzhZYSLkdWUcbq1wsEwqz8UQsQkdAFdiXLTTRghaZIxQ0iUU4omyW9IGTZgjs07qeWXA5rL0Pt5pL6mWppFhQ2LTX9xc6RQeVqMaipBSMf7amglatT15DMNq8VazTxciuc9rW38zgdKOrx7akycMG4pOZks2IIsLnts+pPrJyvRd+/O8XsF25L2aKBfjbmJXp2eKwP4Vl2HMNQZFxza/xE3IS4pYMmRZEvs0hsz4yqBQPyXble4BxDIKH/jVqO2/xpUk2HCDURPNfFpdXtmBSKi+ekJRz/nzD6MetkBSFulz2J4fR4GvWQJvRSkJXlJtNvP+XlLDRFda7R2O3aczW+P5ynxLJbnu1o6IoLyKcCCCTzUCgboEDKC3ym1FRg/zkDau/PRndlC6zh2tJLytKtl1uUqTh8CAbPAIJIDlDQrGb2j7NKi1JTwzGpsjFFN7X8P097oiqY09rXuNABl4fkqrcNXxdE71IhOdBtVmO9Eeg0VZkT9BJmjiPdFqhSBFRJGyhgaJjIke0TAGHEBAoLvU1M9rYEzWr+qFKqTxhL2qsJqmgF994ywGWM4dZ8kSBB/EPhSLO3Wh5JXh46mMRx1efK43evisL5j7J0S1m4gtAvAa7FLANXUBuI2AF/uGR6K5yWNIcTWpXJkosXA9mspx4hldYpzeD1pABM//PI5sdcuHmZE5g0RdHAAzXhQzEbYJ9WfbhEoI1W7xlYr744172vtiU6aghuVHX1+QuONgKy2w3iGf48xe4GMhgud9Iue8MqXyFVss6u89w==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <6284D3085616484BB24B80BF94580F6E@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 71b12df5-084f-4e5f-3cfc-08d8c46dcfb4
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jan 2021 15:51:58.6571 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: QetDLbi3RGtKVUW2LbLPQxzSZQOEqF66RZ8fdHhMpS5kl0/ESi0BpSDb2XmXDJQibv+ERawl3vk03xNavW7bpniWseVsdsAQrz4GrCytAxg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2826
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vv_GRfOwr9w8m3RONQ3BKxc_0sk>
Subject: [TLS] Frequent ephemeral Diffie-Hellman in long-term (D)TLS 1.3 connections replacing IPsec
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jan 2021 15:52:12 -0000
Hi, 3GPP has historically to a large degree used IPsec to protect interfaces in the core and radio access networks. Recently, 3GPP has more and more been specifying use of (D)TLS to replace or complement IPsec. Most 3GPP usage of (D)TLS are long-term connections. Current best practice for long-term connections is to rerun Ephemeral Diffie-Hellman frequently to limit the impact of a key compromise. For IPsec, ANSSI (France) recommends to rerun Ephemeral Diffie-Hellman every hour and every 100 GB, BSI (Germany) recommend at least every 4 h, and NIST (USA) recommends at least every 8 h. These recommendations are formally for IPsec but makes equal sense for any long-term connection such as (D)TLS. If I understand correctly, the KeyUpdate handshake message only provides Forward Secrecy (compromise of the current key does not compromise old keys). To ensure that compromise of the current key does not compromise future keys (post-compromise security, backward secrecy, future secrecy) my understanding is that one would have to frequently terminate the connection and do resumption with psk_dh_ke. Seems like this would cause a noticeable interruption in the connection, or? Are there any best practice for how to do frequent ephemeral Diffie-Hellman for long-term (D)TLS connections? Seems to me that frequent ephemeral Diffie-Hellman should be the recommendation for any long-term (D)TLS connection as it is for IPsec. Cheers, John
- [TLS] Frequent ephemeral Diffie-Hellman in long-t… John Mattsson
- Re: [TLS] Frequent ephemeral Diffie-Hellman in lo… Watson Ladd
- Re: [TLS] Frequent ephemeral Diffie-Hellman in lo… John Mattsson