IETF Logo Mail Archive

Re: [TLS] Tickets after key update/post handshake auth

Martin Thomson <martin.thomson@gmail.com> Fri, 16 March 2018 16:53 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0795312711D for <tls@ietfa.amsl.com>; Fri, 16 Mar 2018 09:53:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvVLQywblAv3 for <tls@ietfa.amsl.com>; Fri, 16 Mar 2018 09:53:48 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB68A1200C5 for <tls@ietf.org>; Fri, 16 Mar 2018 09:53:47 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id a189so2176495oii.2 for <tls@ietf.org>; Fri, 16 Mar 2018 09:53:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=tumD8XEl7Su0SX+X9W0LIc5y8rH0JtMWRiKcAH0JOWY=; b=VP4BTdYhKBNamLec0ztdGYTjj7e+kiZqxElv2jRBBUBIpMtQaVK7oCgz+3b19dQy5n RLCxRtP7swF88lVzCat2BBB8pPTW6t1sV0aosf4Sj+4SPmNpCTBul7BWZ6OQiSF+11ZR BPvF6DIZXrUrja/OGa0Hez11PCxG0XykPD8GU251G7szw+pXanrPv5GR7cbPia7ainDg nlWzzuG8pmHNXLd8ddzClOngLOoK8BOVuCZLIAEId6Gr98Z/koTsxWwN2LObeBqi76Zc 5J5W+Pw7ckUGcCvoa1glu5NftcrYxuPZJ/AMPU33detRVXmqgSj0A9vA6549zxotFpkC 1tbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=tumD8XEl7Su0SX+X9W0LIc5y8rH0JtMWRiKcAH0JOWY=; b=XXMT7yJY2yCjQxfqyrMVb2gJMY9uNi9AkL40/3aKhQRtH7wH3FTLOa/SVAfijsWaGY gtwv85SLDt3M2PaCVAZ38bnpP3+crmsxVGDVX+fF1SUvpkv102jKDQWsua+VeLP5VCpg uvtUfJcgXNBB/+7iwipKXrHrEFZvL6CVAGU6AK7hmeDUVTsDl9cPL/5HgLzX7Sj4fsXn fY+XM9uANBPxjRyS493zp1fvDtQ/1WtmAFl1JuZwq/GSuOkeuFJs5etknTyr69NWGkkW f+zLACm03dy++2EHKu7zLD3IR/DgR3+qTzz4043JbrzqZJmRBG0OayLrhsC4PrrKriwh /Dkw==
X-Gm-Message-State: AElRT7F3uIqa5xhgS0tYh5rRIPih2ta1l6bLgucqzjTD9Ydv1VtvvYX0 ori+X9+Rux/BcWt5kz4w3r14qZR6KUiY1ypeeOI=
X-Google-Smtp-Source: AG47ELtdIVuGlv2RDtYwF68699Q9VBdjksn6IbNUIHzKo+OGfCkMlt6Z8d2YbE0UFjnijPRLg+VFIhPpFMl6oEPHYVs=
X-Received: by 10.202.198.141 with SMTP id w135mr1571609oif.215.1521219227130; Fri, 16 Mar 2018 09:53:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:1055:0:0:0:0:0 with HTTP; Fri, 16 Mar 2018 09:53:46 -0700 (PDT)
In-Reply-To: <CABcZeBNMFs0mGOkSq+oqw2LCDhZxfTzbrCWPYozVihiPED+Hxg@mail.gmail.com>
References: <54b7e8df-705c-64dc-9011-b0d2acc2950b@openssl.org> <CABcZeBNMFs0mGOkSq+oqw2LCDhZxfTzbrCWPYozVihiPED+Hxg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 16 Mar 2018 16:53:46 +0000
Message-ID: <CABkgnnWorgt9JOgxupoxTquk40tPfauhQ3p48tnWm0ETst7Yiw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Matt Caswell <matt@openssl.org>, "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wFxChGNszMRwpNHFSK7F_HRxAuc>
Subject: Re: [TLS] Tickets after key update/post handshake auth
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Mar 2018 16:53:50 -0000

That's only because there is some chance that the ticket binds in more
contextual information.  In practice, this might also happen as a
result of application-layer changes.  At the TLS layer, it's hard to
know exactly why the new ticket was issued.  If it was just adding
another ticket to the pile of available tickets, or whether it
replaced previous tickets.  As the consequences of using an invalid
ticket aren't serious, I would suggest that you simply use the most
recent one.  If you only use each ticket once, then use the most
recent one and hope that it's still current.

As ekr says, the old ticket isn't invalid from the perspective of TLS.
That only happens at the expiration time, and as the server decides.
You know the former, and can only guess at the latter.

On Fri, Mar 16, 2018 at 4:36 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> On Fri, Mar 16, 2018 at 4:19 PM, Matt Caswell <matt@openssl.org> wrote:
>>
>> What is reasonable behaviour for a client to do with any tickets it has
>> previously received following a key update or a post-handshake
>> authentication? Should those old tickets be now considered out-of-date
>> and not used?
>
>
> There is no good reason to discard tickets received post KeyUpdate. The
> KeyUpdate
> has no impact on their security.
>
> It's probably reasonable to discard tickets received after Post-Handshake
> Auth if a new
> ticket is received, as that ticket might incorporate the client's
> authenticated identity. Otherwise
> I wouldn't bother.
>
> -Ekr
>
>>
>> Matt
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email