IETF Logo Mail Archive

Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?

Aaron Zauner <azet@azet.org> Tue, 01 December 2015 13:15 UTC

Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 347E21B2D20 for <tls@ietfa.amsl.com>; Tue, 1 Dec 2015 05:15:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4AXDM2scqoUa for <tls@ietfa.amsl.com>; Tue, 1 Dec 2015 05:15:07 -0800 (PST)
Received: from mail-lf0-x232.google.com (mail-lf0-x232.google.com [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EAB01B2D15 for <tls@ietf.org>; Tue, 1 Dec 2015 05:15:07 -0800 (PST)
Received: by lfaz4 with SMTP id z4so7553145lfa.0 for <tls@ietf.org>; Tue, 01 Dec 2015 05:15:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=azet.org; s=gmail; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=J1puTTTmuEtUbgHdRCwFbgYRbXV60tn6x+vNQ1/AinU=; b=d0iIzinkM+0u1ByhDQLBl53UJ9l32BRxid/dPeSDZSbITGORrPkxbH9mLPQtnhSetq Gz0OejTaR7RkPpHSDSgGWg99BzEf6+9JaY/y7M/p+Qqp3cgIJY47y0VXg765EK9tTEQc alyEfwT8UGMFbS15gPuSmQoPJGMBu2GK7rSyU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=J1puTTTmuEtUbgHdRCwFbgYRbXV60tn6x+vNQ1/AinU=; b=TXYk58rP50I7w+2Dl4L+1xwW1XOxYnujRXi5SuACtwl/NHFhY8fy8sRkFOw7SQGJ43 wDmTUUwP18OcRJ3IbbESuIzsANP4JuVD0juUFy8TFiCEhkYsoaQS9c8xpZz4pmQ4XnQu 88E7jxnR4Lkn34drDj0F4VmIk6KQ+enq67cMQJxiMg8/Ye7MgRFrWHdoi4V72cxIJ6hS 56P5z3Q8kAMKCoTEROdBqiY2CzDhAjl7558llQ68M1GudObJFZc+Nv+x1beiOujXcMcf bqI8q1+N75+P9LOYSU1I1xQG5UqLdNYAEGTM+xj8p01H2kmW8z8BEEqzolY97whDmuGx z2qw==
X-Gm-Message-State: ALoCoQmyrPVQHVyySSSQoFb8uD9OlWc9F3PV100nXT2+cEjhbkivpTP21zrwgIjDjGpE0sSfPCWM
X-Received: by 10.112.129.98 with SMTP id nv2mr17392953lbb.17.1448975705447; Tue, 01 Dec 2015 05:15:05 -0800 (PST)
Received: from [192.168.1.117] ([41.232.114.68]) by smtp.gmail.com with ESMTPSA id sv10sm5387127lbb.46.2015.12.01.05.15.03 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 01 Dec 2015 05:15:04 -0800 (PST)
Message-ID: <565D9D54.1050100@azet.org>
Date: Tue, 01 Dec 2015 14:15:00 +0100
From: Aaron Zauner <azet@azet.org>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Hubert Kario <hkario@redhat.com>
References: <56586A2F.1070703@gmail.com> <2564045.EyFMgGcPZE@pintsize.usersys.redhat.com> <CAFggDF0yyMP3ErgHjNKbF1Nu3CUutCXaay+e0vEMOiDNNbKSLQ@mail.gmail.com> <8237123.IbIWt7fMrM@pintsize.usersys.redhat.com>
In-Reply-To: <8237123.IbIWt7fMrM@pintsize.usersys.redhat.com>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig0CA8B1857FF51B7DC1BBB37D"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/wjauMA9VokpLCicgpPl6wPStpZ0>
Cc: tls@ietf.org
Subject: Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2015 13:15:09 -0000

Hi,

Hubert Kario wrote:
> then we need Best Current Practice for applications describing to them 
> how TLS needs to be used, e.g. make sure that they are doing writes as 
> big as possible, checking if timing of responses doesn't leak much 
> information, etc. Forcing TLS implementation to combine writes will 
> easily cause serious problems with interactivity of sessions...
> 

FYI: similar IETF documents like that exists for TLS (up to 1.2)
already. Might make sense to update them or have similar ones when time
comes. Though spreading everything out over a lot of documents makes it
harder for implementers to find all the information they might be
looking for, IMO. Actually, as far as I understand the whole objective
of UTA-WG is putting out documents like that (Utilizing TLS in
Applications).

https://tools.ietf.org/html/rfc7457
https://tools.ietf.org/html/rfc7525

Aaron

v2.23.0 | Report a Bug | By Email