IETF Logo Mail Archive

Re: [TLS] Session resumption ticket reuse considered harmful

Martin Thomson <mt@lowentropy.net> Thu, 05 March 2020 21:35 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD6BE3A0C55 for <tls@ietfa.amsl.com>; Thu, 5 Mar 2020 13:35:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=gSxvApQ4; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JrpPcqkF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_1T5IIF1FGD for <tls@ietfa.amsl.com>; Thu, 5 Mar 2020 13:35:26 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC0C43A0AD5 for <tls@ietf.org>; Thu, 5 Mar 2020 13:35:26 -0800 (PST)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 9FE6722025 for <tls@ietf.org>; Thu, 5 Mar 2020 16:35:25 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute2.internal (MEProxy); Thu, 05 Mar 2020 16:35:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=3QKg8v1SEVi0pOHj43P6CwcNyUWuw6H 6lu2WkTEUpqA=; b=gSxvApQ4R/C1C+emnBcw+juWEBFm3cIDPg7ItbA/WuDSU+1 2v79WuxmdtT0u4LjVDcG03IhQ8ykv4WtFUoZ/Xb7PYfdd7i44ioEXTi7ZSdck1HT TYkyyBJ12RharIf5yNxNmtBilsczLRTLIU7y767FLX4AWoVO4Q2Ks/2n5h7+33jB 2mhaY/6RVIT9btkpWSGr5+RMJSZE+tYgDsWuc5pBueJWTSr8PSMwUq+WapcG49gB QA0ESqMVGfPl8Zy2o6Iy06nuIMalwweFWR0ttA29lBPd424xR1NgRsJUMUfGKCR8 NVGSPKTaTYQy3JswrVRAXdawZRlhKafvtOP6ojQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=3QKg8v 1SEVi0pOHj43P6CwcNyUWuw6H6lu2WkTEUpqA=; b=JrpPcqkFhFClo8GGNPpLxH /QQuOqWev6fRP84aRU8/w6hZH2Gi76ZO8j1Rct4nBK0uIXZH5MWHBIbibZ5VeG0K lnIwsLNSbKMxBtYOOvXp86sOPcqI6HBcyByExj4qa11zT6yOJ3LJSi/B+DTnkb/9 A+HXrkp17u0N7ga2Dmop0kVJMJUNfy3lLKDADqrTKbMJl/h5NZ8oR9FdaUwqomU1 PxVdHcYIKN49bVQM/GRpL0tE1TlHNMwG7DTYhKK6rkACOoNYOtNkJ+PjFBsYcfja WzpQN2briQHs/Kkd+dYgbYFqO3dE91M5voLpUJuKEjuA+6hAcIrF3Rnc9avCH8zw ==
X-ME-Sender: <xms:nXBhXiuV9_Aptl3VzOZ5gHwEClM9MviHK6aeo4vXMpskYKpHEEdvOw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedruddutddgudehhecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesth dtredtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehl ohifvghnthhrohhphidrnhgvtheqnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:nXBhXn67sRx9IJSkWWrqxdXEEC8aYVpKN7Uzeb87pPuK3qCHyCYRjA> <xmx:nXBhXkpLGt0VahLA6WZjQinq3iN2FtsfyRrT0daX4pn580X3OtQSsg> <xmx:nXBhXjf6Ia8reM8EycozFPxi5eBdQuxygADODNClO9NKnjFFlSBPKg> <xmx:nXBhXp8ntGz77iPSMAQUN54tnme24RR9QaNHcSeBoaPN-T1rx_dLPQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3DE70E00C8; Thu, 5 Mar 2020 16:35:25 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-991-g5a577d3-fmstable-20200305v3
Mime-Version: 1.0
Message-Id: <78240ee1-20ea-45b2-bd0e-e967077c509e@www.fastmail.com>
In-Reply-To: <20200305205524.GR18021@localhost>
References: <20200305205524.GR18021@localhost>
Date: Fri, 06 Mar 2020 08:35:07 +1100
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/y6AdN7fbkSKybDLrSH5kjF9mAE8>
Subject: Re: [TLS] Session resumption ticket reuse considered harmful
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 21:35:28 -0000

On Fri, Mar 6, 2020, at 07:55, Nico Williams wrote:
> .... unless both parties agree.  It takes two to agree.

RFC 8446 says:
   Clients SHOULD NOT reuse a ticket for multiple connections.  Reuse of
   a ticket allows passive observers to correlate different connections.

Are you arguing that there are exceptions that justify not respecting the "SHOULD NOT", or that the "SHOULD NOT" is too strong?  Because no one is violating any specifications when they reuse tickets, just recommendations.

(In other words, I don't understand the strength and vehemence of the arguments being used.)

v2.23.0 | Report a Bug | By Email