IETF Logo Mail Archive

Re: [TLS] 答复: Connection ID Draft

Eric Rescorla <ekr@rtfm.com> Sat, 14 October 2017 02:40 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC9911321F5 for <tls@ietfa.amsl.com>; Fri, 13 Oct 2017 19:40:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bwkgzIDRalxN for <tls@ietfa.amsl.com>; Fri, 13 Oct 2017 19:40:00 -0700 (PDT)
Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8CFB132397 for <tls@ietf.org>; Fri, 13 Oct 2017 19:39:59 -0700 (PDT)
Received: by mail-qt0-x233.google.com with SMTP id j58so11767542qtj.0 for <tls@ietf.org>; Fri, 13 Oct 2017 19:39:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Qxhv+D62ID+URkpSAbD9qq7dcIVQjSfGK54BRgcagXk=; b=KSR2wFFEXXPd7pFKQtt2/i7bhGpRBWbGEkL7tQKga+FBICRxb4aGOnjrW5F6F9qDhi 3XJ6KwzMftpgBYNYk1UAb4eIMcqcF9AlnAQ17Ij86Ok3whqKuHCC9vcJiA5eKGPoDHlf r6Sv7uaUR5RKJbUlOeFX7Y7n7JYsrFNh3Dxxjw6XoUTwNJIudCVINR5cvjWnr6PB9NBS Yd0F0ueMzWUjQ9e8/kbeBYfSp4fV/gm/QXvJfi3dyT9gmju5Vos8QrBrLSFAq5BTbU0K mwA0lCyp9gegiB2HyDSDv6jZnJ1c4NYOEdbsRwzKmg6AbuiGiK8HZ3MVam99Gt9v0x4F KiBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Qxhv+D62ID+URkpSAbD9qq7dcIVQjSfGK54BRgcagXk=; b=Sp9Vk7FuiYlve22lqnsU0sBq3jWDZLRmCQafXQyJUqfvqh2g8lpLNamvciC15OPLoh +n7p92rl9py6eSXa2zXmp2XYaNJh2fErrj5sX8vwVwNq62HbXX8GjIjuiTHfZG6z4iZ0 w2lhKuSyge5NF72Xb1W2CIo7r9dZ+89qMuC8TVBto4xcS2YCisxXPklCFVzKESCg1gbW 5zobdTj1Kk+yxC3x09ZemzWczMzx+1MeM6Y9+cxXCbahrcnPdEQChgs8FnVwdyTZj+03 gZzB4x9kBm7H/a0PfC5I54tlKBYWbTFMxW9hWGPgKyOCIZ3XlUCs2yxpjWPCqI0ZDPE8 kRpA==
X-Gm-Message-State: AMCzsaWqKRgSYEdgoM6R2B/fPiBlSfOkfOI2jn8YV+V5ZrCwkl5GsUkY NECSITB+SFVhKVtX8QpfWtt7ECJ3Lwer/24hqVLV5Q==
X-Google-Smtp-Source: AOwi7QDU20koQJ2QlFv0r/QH0HaptyLonyyOYyitmLDLx/s7/Wa/k1MTSF7nHuPZv6hiNBr3eXBXMNiyIK9raTdHCZM=
X-Received: by 10.129.26.208 with SMTP id a199mr2096789ywa.280.1507948798989; Fri, 13 Oct 2017 19:39:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.194 with HTTP; Fri, 13 Oct 2017 19:39:18 -0700 (PDT)
In-Reply-To: <CABcZeBOakTsbSJODAroNFm7SsiVsnh9fhKMzT1J8i5PoC9rYXw@mail.gmail.com>
References: <DBDF9AE44733284D808F0E585E1919022C7A77E2@dggemi508-mbx.china.huawei.com> <9800fbbc-f23f-139d-b5a9-ef6515123f73@gmx.net> <DBDF9AE44733284D808F0E585E1919022C7AAC48@dggemi508-mbs.china.huawei.com> <CABcZeBOakTsbSJODAroNFm7SsiVsnh9fhKMzT1J8i5PoC9rYXw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 13 Oct 2017 19:39:18 -0700
Message-ID: <CABcZeBP4RN1BFFFbC+Vajsxx=egKzypAO1CU9rAy9SjebYBiNA@mail.gmail.com>
To: yinxinxing <yinxinxing@huawei.com>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a1142d0d480ee58055b78b03a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wjJxE6wwVkDSRcr0lUTZDFjTWhg>
Subject: Re: [TLS] 答复: Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Oct 2017 02:40:02 -0000

On Fri, Oct 13, 2017 at 7:36 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Fri, Oct 13, 2017 at 7:28 PM, yinxinxing <yinxinxing@huawei.com> wrote:
>
>> Hi Hannes,
>>
>> "exchange new CIDs and switch between them every day" may not be a good
>> choice for power constrained IOT devices. From the point of saving battery,
>> it is better to transfer the new CID to the other peer in the application
>> responding message in passing, instead of sending an independent updating
>> CID message.
>>
>
> Well, that's obviously something you could do but it's not part of TLS,
> though of course you could use the connection ID in TLS.
>
>
>>
>> In addition, like what Stephen mentioned, it is essential to avoid
>> linkability between new CID and old CID. This is not covered in this draft.
>>
>
> New security considerations text welcome.
>
>
> For 1.2, in this draft, there is no NewConnectionID and
>> RequestConnectionID message, how can the CID be updated. This is what I
>> mean "worse".
>>
>
> Yes. As I said, I'm not really trying to fix TLS 1.2, though I'm happy to
> have the extension used both places.
>

With that said, it's not like it's impossible; it's just work. But the WG
policy has been to focus on TLS 1.3 and not on retrofitting TLS 1.3
improvements to 1.2.

-Ekr


>
> -Ekr
>
>
>> Regards,
>> Yin Xinxing
>>
>> -----邮件原件-----
>> 发件人: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>> 发送时间: 2017年10月13日 23:41
>> 收件人: yinxinxing; Eric Rescorla; tls@ietf.org
>> 主题: Re: [TLS] Connection ID Draft
>>
>> I would like to focus on one of the points raised below:
>> > 3.       We have a practical usecase in IoT. The IOT device, like
>> > intelligent water meter, sends one message per day, and goes to sleep.
>> > It wakes up in the second day and sends a message and then goes to
>> > sleep. If it always (or for a long time) use the same CID, there may
>> > be a risk of tracing IOT device or the owner of this device.
>> > Therefore, it is important to recommend user to update CID once it
>> > finishes sending message. For the CID in DTLS1.2, this becomes worse.
>>
>>
>> The user is typically not doing anything.
>>
>>
>> Without this CID extension you would send a full exchange or use session
>> resumption. This would allow someone in the middle to see the handshake.
>> In DTLS/TLS 1.2 this would reveal the client certificate.
>>
>> With DTLS 1.3 and this extension you would hide the certificate and you
>> could echange new CIDs and switch between them every day. The source IP
>> address will most likely still reveal the subscriber (if you consider some
>> cooperation with the ISP).
>>
>> So, you actually get pretty good privacy properties with DTLS 1.3 & CID
>> (unless some of the data center folks destroy it again with their fancy
>> extensions). With DTLS 1.2 there is only a performance benefit but the
>> privacy properties remain the same IMHO.
>>
>> Ciao
>> Hannes
>>
>>
>> >
>> >
>> >
>> > Regards,
>> >
>> > Yin Xinxing
>> >
>> >
>> >
>> > *发件人:*TLS [mailto:tls-bounces@ietf.org] *代表 *Eric Rescorla
>> > *发送时间:*2017年10月13日7:14
>> > *收件人:*tls@ietf.org
>> > *主题:*[TLS] Connection ID Draft
>> >
>> >
>> >
>> > Hi folks,
>> >
>> >
>> >
>> > I have just posted a first cut at a connection ID draft.
>> >
>> > https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00
>> >
>> >
>> >
>> > Comments welcome.
>> >
>> >
>> >
>> > -Ekr
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > TLS mailing list
>> > TLS@ietf.org
>> > https://www.ietf.org/mailman/listinfo/tls
>> >
>>
>
>

v2.23.0 | Report a Bug | By Email