Re: [TLS] TLS 1.2 Long-term Support Profile draft posted
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 20 March 2016 12:37 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/xtQNHvlyBr6aIuqfFIsDnpb71s4>
Karthikeyan Bhargavan <karthik.bhargavan@gmail.com> writes:

>Adding the handshake hash to the ServerKeyExchange (a la EMS) provides some
>nice protections against downgrade and seems to be worth the effort.

My only real concern with this is that if you've got an API that doesn't allow
forking, you're now running three hashes in parallel.  Still, for everything
else it'd be pretty straightforward, fork once after Server Hello for the
Server Keyex sig and a second time after Client Keyex for EMS.

So presumably instead of hashing the bare nonces for the keyex sig you'd hash
the entire hello message that contains them?

>Of course, for all of these LTS improvements, we need to assume that the LTS
>extension itself cannot be deleted by the attacker. That is, we'd assume that
>the client or server supports *only* LTS mode. Otherwise, we'd have to look
>closer to eliminate other downgrade attacks.

There's an SCSV-shaped hole in the draft for that :-).

Peter.
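The forking trade-off discussed in this message, as an added example that is not part of the original mail or of the LTS draft: one running handshake hash forked with `copy()` at the two cut points, next to the three-parallel-hash fallback for an API without forking. The message bytes are constructed placeholders, SHA-256 is chosen for illustration, and having the key exchange signature hash cover the whole ClientHello and ServerHello is an assumption taken from the question asked in the mail.

```python
import hashlib

# Constructed placeholder handshake messages (not real TLS encodings), in order.
FLIGHT = [
    ("ClientHello", b"\x01client-hello-with-client-random"),
    ("ServerHello", b"\x02server-hello-with-server-random"),
    ("Certificate", b"\x0bserver-certificate-chain"),
    ("ServerKeyExchange", b"\x0cdh-params-and-signature"),
    ("ServerHelloDone", b"\x0e"),
    ("ClientKeyExchange", b"\x10client-dh-public"),
    ("ClientFinished", b"\x14client-verify-data"),
]

# Cut points: the digest is taken over everything up to and including these.
KEYEX_SIG_CUT = "ServerHello"    # assumption: sig hash covers both full hellos
EMS_CUT = "ClientKeyExchange"    # RFC 7627 session hash ends here


def digests_with_fork(flight):
    """One running hash; copy() forks its state at each cut point."""
    running = hashlib.sha256()
    out = {}
    for name, msg in flight:
        running.update(msg)
        if name == KEYEX_SIG_CUT:
            out["keyex_sig"] = running.copy().digest()
        if name == EMS_CUT:
            out["ems"] = running.copy().digest()
    out["transcript"] = running.digest()  # keeps going for the Finished check
    return out


def digests_without_fork(flight):
    """No copy(): three contexts fed in parallel, each retired at its cut."""
    stops = {"keyex_sig": KEYEX_SIG_CUT, "ems": EMS_CUT, "transcript": None}
    contexts = {label: hashlib.sha256() for label in stops}
    active = set(contexts)
    updates = 0
    for name, msg in flight:
        for label in sorted(active):
            contexts[label].update(msg)
            updates += 1
        active -= {label for label in active if stops[label] == name}
    return {label: ctx.digest() for label, ctx in contexts.items()}, updates


if __name__ == "__main__":
    forked = digests_with_fork(FLIGHT)
    parallel, updates = digests_without_fork(FLIGHT)
    print("same digests:", forked == parallel)
    print("update calls: fork =", len(FLIGHT), "parallel =", updates)
```

Both paths produce identical digests; the difference is the extra update calls and the three live contexts the non-forking path has to carry through the early handshake.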