[TLS] Comment on draft-sullivan-tls-opaque-00

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Mon, 08 March 2021 14:43 UTC

From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/yCBYp10QuYPSu5zOoM3v84SAIZE>

I am glad that someone in the working group is looking at this.  However, as I reviewed this before the wg meeting, I was completely puzzled by this text (from section 6.1):

3DH

   C computes K = H(g^y ^ PrivU || PubU ^ x || PubS ^ PrivU || IdU || IdS )
   S computes K = H(g^x ^ PrivS || PubS ^ y || PubU ^ PrivS || IdU || IdS )

Obviously these need to be the same for an honest client-server pair.  I can't see where the above variables are defined in the doc; I would assume that the meanings are:


  *   x, y are the private values from the ephemeral DH operation, and are randomly selected for each exchange.
  *   PrivU, PubU, PrivS, PubS are static values from the Opaque record.

However, if that's the case, I can't see how that could work; for one, g^y ^ PrivU and g^x ^ PrivS would be different values, and so differing values would be stirred into the Master Secret.  In addition, I can't see how PubU ^ x (where PubU and x would appear to be client specific) could be expected to be the same as PubS ^ y (as both those values would be server specific).

What am I missing?
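
The mismatch described in the message can be checked term by term. The following is an added example, not part of the original message or of the draft: it evaluates the two quoted formulas under the reading given above (client holds x and PrivU, server holds y and PrivS) in a toy group, with SHA-256 standing in for H. The `cross_paired` variant is a hypothetical pairing in which every term combines one side's private value with the peer's public value; it is shown only for contrast and is not a claim about what the draft intends.

```python
import hashlib

# Toy group, constructed for this example: p = 2q + 1 with q = 1019 prime,
# and g = 4 generating the order-q subgroup. Far too small for real use.
P, G = 2039, 4

def kdf(terms, id_u=b"IdU", id_s=b"IdS"):
    """K = H(t1 || t2 || t3 || IdU || IdS); SHA-256 is an assumed stand-in for H."""
    data = b"".join(t.to_bytes(2, "big") for t in terms) + id_u + id_s
    return hashlib.sha256(data).hexdigest()

def publics(x, y, priv_u, priv_s):
    """Return g^x, g^y, PubU, PubS for the given private values."""
    return tuple(pow(G, e, P) for e in (x, y, priv_u, priv_s))

def as_written(x, y, priv_u, priv_s):
    """DH terms exactly as quoted from section 6.1, under the message's
    reading: the client holds x and PrivU, the server holds y and PrivS."""
    gx, gy, pub_u, pub_s = publics(x, y, priv_u, priv_s)
    client = [pow(gy, priv_u, P), pow(pub_u, x, P), pow(pub_s, priv_u, P)]
    server = [pow(gx, priv_s, P), pow(pub_s, y, P), pow(pub_u, priv_s, P)]
    return client, server

def cross_paired(x, y, priv_u, priv_s):
    """Hypothetical variant (assumption of this example): each term pairs
    one side's own private value with the peer's public value."""
    gx, gy, pub_u, pub_s = publics(x, y, priv_u, priv_s)
    client = [pow(gy, priv_u, P), pow(pub_s, x, P), pow(pub_s, priv_u, P)]
    server = [pow(pub_u, y, P), pow(gx, priv_s, P), pow(pub_u, priv_s, P)]
    return client, server

def compare(client, server):
    """Per-term equality, and whether both sides derive the same K."""
    return [c == s for c, s in zip(client, server)], kdf(client) == kdf(server)

if __name__ == "__main__":
    vals = (5, 7, 11, 13)  # constructed x, y, PrivU, PrivS
    print("as written:  ", compare(*as_written(*vals)))
    print("cross-paired:", compare(*cross_paired(*vals)))
```

With the formulas as quoted, only the static-static term (PubS ^ PrivU against PubU ^ PrivS) agrees, so the two sides hash different inputs.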