Re: [TLS] WGLC: draft-ietf-tls-cached-info
Eric Rescorla <ekr@rtfm.com> Sun, 17 August 2014 18:47 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A17351A00A8 for <tls@ietfa.amsl.com>; Sun, 17 Aug 2014 11:47:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rz6XMdj7zJ0f for <tls@ietfa.amsl.com>; Sun, 17 Aug 2014 11:47:44 -0700 (PDT)
Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B78391A0072 for <tls@ietf.org>; Sun, 17 Aug 2014 11:47:43 -0700 (PDT)
Received: by mail-wg0-f51.google.com with SMTP id b13so4099638wgh.34 for <tls@ietf.org>; Sun, 17 Aug 2014 11:47:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=swgKT29VasLTl27qEGrS6zQuXSSA7wVwHkOrlWngH3A=; b=b+MK0q3Z/0LtMKVCbqjc69PoHyIwX3Cw2sreD8s2r27SDonS9z7GxEsaob0+lvfmml Ql6B7oRSaBH2JK9JxAUX++qtAryK9JC8GIuhBdtaWqMVqVzYOwfT17I6WibICFIRTrTE OqKQtBtgyQU+x6fTD2PcDsCyxvyK4lQ1naMiaJnrzaetwx/QEhpHwokljSa0H1T24Z6/ 8+yOVFqxwzfy++mJQq/yyyAkrW9bZlwVvBEXct0FxIm6XwR7MZtukIn1pTt+djLYR8IY UoeTropxvRwP4oHZyPVGyFTzVXIUgp/O1LrAG+qiBgNnVs3fIQpc55kLZZ3nIwthQVWe 5gfw==
X-Gm-Message-State: ALoCoQldw1etxX95WIrJd/rj4BiBCT/jBjPKPdeqpr5PGIqWmJYAOf35Q2KPlYG2RROIhyLYonPX
X-Received: by 10.180.39.34 with SMTP id m2mr68299962wik.80.1408301262170; Sun, 17 Aug 2014 11:47:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.217.128.12 with HTTP; Sun, 17 Aug 2014 11:47:02 -0700 (PDT)
X-Originating-IP: [2620:101:80fc:232:4ca8:f93c:912:f129]
In-Reply-To: <D6DB2CDC-3DA6-4A5F-97E9-1F1C511C4687@ieca.com>
References: <D6DB2CDC-3DA6-4A5F-97E9-1F1C511C4687@ieca.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 17 Aug 2014 11:47:02 -0700
Message-ID: <CABcZeBMuf5dPgAbrmBuacBDsy+5EAZ=rB7xKEKHgrtRrL-XvGw@mail.gmail.com>
To: Sean Turner <TurnerS@ieca.com>
Content-Type: multipart/alternative; boundary="001a1134b5b8780b690500d7b0fd"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/w-lZ-Nor2g5MWTidp4YUMOWm66I
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] WGLC: draft-ietf-tls-cached-info
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Aug 2014 18:47:45 -0000
Comments below. Generally, I think some work is still needed here. I'm starting to wonder whether this piecemeal design is really the one we want here. I.e., it's possible for the client to let the server cache X and Y but not Z. I wonder if we instead want the server to advertise "This is configuration XXX and the client just says OK" rather than letting the client pick and choose. How much more bandwidth would that really lose? Conversely, if we're going to have a pick and choose design, we should think about adding the client's cert since that can be large. I think the text needs to be tightened up to be clear on what's going on. As I understand it: - The client can offer as many cached items as it wants including multiples of the same type. - The server can respond with at most one of each type. If he offers a value that the client offered that means he is going to omit that value. If he offers a value that the client didn't offer, that means he would be willing to let the client cache that value. Is this correct? If so, these seem like kind of confusing semantics, since it means that, for instance, if the client offers: certificate = X and the server responds with: certificate = X Then it means that the server will omit the cert but if the server offers certificate = Y it means "I would be willing to omit cert Y" but I didn't omit X. I trust it does not mean "I omit Y". That seems confusing. Section 3. I Suggest renaming the "trusted_cas". That seems like a bad name for this. Do we want to add OCSP responses to this. Section 4: Following a successful exchange of the "cached_information" extensions in the client and server hello, the server omits sending the corresponding handshake message. My understanding was that you in fact shrank the message but didn't omit it. Section 4.2. When a fingerprint for an object of type 'trusted_cas' is provided in the client hello, the server MAY send a DistinguishedName in the Certificate Request message with an actual length field of zero (=empty vector). This is a sequence of DistinguishedNames. So do you send a list with one empty DN in it or an empty list? Is there a reason not to just compress the entire message? Surely the types and algorithms are just as stable. Section 5: namely 'trusted_cas' (also defined in this document), and the 'foo- bar' extension (i.e., an imaginary extension that yet needs to be defined). Nit: extensions generally have underscores. Please make these diagrams match the style in RFC 5246. Section 6: The hash algorithm used in this specification is required to have reasonable random properties in order to provide reasonably unique You don't mean "random", right? I also share AGL's concerns about the security analysis. On Tue, Jul 29, 2014 at 5:48 AM, Sean Turner <TurnerS@ieca.com> wrote: > This is the working group last call for draft-ietf-tls-cached-info: > http://datatracker.ietf.org/doc/draft-ietf-tls-cached-info/ > Please send comments on this draft to the TLS list before August 19, 2014. > > J&S > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] WGLC: draft-ietf-tls-cached-info Sean Turner
- Re: [TLS] WGLC: draft-ietf-tls-cached-info Adam Langley
- Re: [TLS] WGLC: draft-ietf-tls-cached-info Eric Rescorla