Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

"Martin Thomson" <mt@lowentropy.net> Tue, 21 January 2020 08:57 UTC

Message-Id: <97de6364-c628-45aa-8613-ba1a32cc41b2@www.fastmail.com>
In-Reply-To: <20200121055411.GJ73491@straasha.imrryr.org>
References: <20191116210617.GS34850@straasha.imrryr.org> <20191116235952.GR20609@akamai.com> <20191117002249.GV34850@straasha.imrryr.org> <CADZyTkmaUVj=sFdgg93MuM2au0B=1M1k3yCA1XDoaAneVDmnNw@mail.gmail.com> <14690874-E301-4BC0-B385-00DEBCBA94C2@apple.com> <20191120034812.GQ34850@straasha.imrryr.org> <5FBFE820-8C53-4B32-9520-343279C1A6CC@apple.com> <20191120064819.GR34850@straasha.imrryr.org> <CAPDSy+6DFJ+OYRtYK6eEiUt1noiik4KxqrGFx0ro_RL2Mft_VA@mail.gmail.com> <fd37bd2a-c799-4bf4-95b3-65943681683b@www.fastmail.com> <20200121055411.GJ73491@straasha.imrryr.org>
Date: Tue, 21 Jan 2020 19:57:27 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vygsgx-plf4hdaruJF3WUpBkEDk>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

On Tue, Jan 21, 2020, at 16:54, Viktor Dukhovni wrote:
> There's no need to exclude valid use-cases.  The refined proposal
> is rather non-invasive, and handles this case cost-effectively
> on clients that re-use tickets (and don't use early-data, ...).

I don't find your arguments persuasive.  This adds complexity specifically to address a case that has - in the general case - suboptimal characteristics, both in terms of forward secrecy and linkability.  Whether or not there are specific cases that might tolerate these suboptimalities, the complexity and risks are borne by everyone.

This is clearly a subjective call, so I'll step back now.