Re: [TLS] One stream to rule them all (was Re: Security review of TLS1.3 0-RTT)

Martin Thomson <martin.thomson@gmail.com> Thu, 04 May 2017 02:32 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 04 May 2017 12:31:58 +1000
Message-ID: <CABkgnnUuxv1WbwiudOKxkjesrGH+DCJOYqThfUa0t6K0oFSv=A@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xtQMF8sZa_ETxE1RqaYX-hLGYS8>

On 4 May 2017 at 12:29, Salz, Rich <rsalz@akamai.com> wrote:
>  That's kind of inflammatory.  Apology accepted :)

Yep, a bit stronger than ideal, sorry.

>  I don't want to make things hard.  I want to make them clear and merging
>  two sets of data with different security properties does not seem like it's
>  helpful.

A clear delineation of security properties exists: if the handshake is
done, then you are in the clear.  Otherwise, beware.  The separation
of the streams doesn't help if you consider the possibility that 0-RTT
data can be retroactively blessed.

I agree that it's complicated and we'll need to learn more.  I fully
appreciate that you want to be conservative in how to implement this
feature.  As a predominantly client stack with far fewer consumers, I
guess we are taking a few more liberties.  Are we not both entitled to
our own approaches in this regard?