IETF Logo Mail Archive

Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?

"Salz, Rich" <rsalz@akamai.com> Wed, 02 December 2015 15:46 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A83261A6FFA for <tls@ietfa.amsl.com>; Wed, 2 Dec 2015 07:46:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e3LYkaof-FWY for <tls@ietfa.amsl.com>; Wed, 2 Dec 2015 07:46:07 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [23.79.238.175]) by ietfa.amsl.com (Postfix) with ESMTP id 4299A1A92B8 for <tls@ietf.org>; Wed, 2 Dec 2015 07:46:04 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id B5DDE433486; Wed, 2 Dec 2015 15:46:02 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id A02AC433457; Wed, 2 Dec 2015 15:46:02 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1449071162; bh=NeYXhcOsU4I+8NMCHjJCqFvzCtogvQv790w0yhmnTwE=; l=330; h=From:To:CC:Date:References:In-Reply-To:From; b=yvoOvKu2uDmA5l9M0XFTuN8SIXcqeyLfIQnD34V3920hsz5Sf0UkQTNtr3/E7dQ0Q J8oj87pfBrvBAFTLlvT8X+KJiOSdXWzN6scuo2zS3KdNG3RllAD62nfXoztfQG5E7q +6a+77oV/8bULgjzdVUrZZWNy5KmpUWYC87I/Wlo=
Received: from email.msg.corp.akamai.com (usma1ex-cas1.msg.corp.akamai.com [172.27.123.30]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id 9D1B1205C; Wed, 2 Dec 2015 15:46:02 +0000 (GMT)
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Wed, 2 Dec 2015 07:46:02 -0800
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1076.000; Wed, 2 Dec 2015 10:46:02 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Jacob Appelbaum <jacob@appelbaum.net>, Eric Rescorla <ekr@rtfm.com>
Thread-Topic: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
Thread-Index: AQHRKc4vwBJv/xDF6kerxoHYn7vyUZ6zDYQAgAEO5oCAAH2vgIAAG3yAgADwwYCAAAtCAIAAf4CAgAG7GgCAAAXqAIAAEJQAgAAK8QCAAAmZgIAAGKEA//+tXmA=
Date: Wed, 02 Dec 2015 15:46:01 +0000
Message-ID: <861d2065dc7a4fb9a2dec2c5dda3c8aa@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <56586A2F.1070703@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B8DA2A@uxcn10-5.UoA.auckland.ac.nz> <565AC278.2010904@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B92E74@uxcn10-5.UoA.auckland.ac.nz> <565C0F25.7000507@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9331B@uxcn10-5.UoA.auckland.ac.nz> <20151201005609.GD18315@mournblade.imrryr.org> <CAFggDF03fzyAw95Ka8NHtBGEcebAe3RCt5pRd3r8_nhBbR7oNw@mail.gmail.com> <3B906BDF-CA30-4EDF-ADA9-ABFC2A25014D@gmail.com> <CAFggDF2sWLr-2yXPDrznymO_E1Zx_UCm1zn92J8O84WZh2gMrA@mail.gmail.com> <A4341585-0020-4F8B-84CC-BBC0EE7F57CB@gmail.com> <CAFggDF2Mvmqc7RifSYf7Q=tJdK7oWipUQjwK=GmhgB-rvZCqdA@mail.gmail.com> <FC4B4A5A-3D42-411B-AFF9-2381DE61E63E@gmail.com> <CABcZeBPSygpOZpkj2a+UM1CL+VY3ygg4jP1Aoy9owo1+QS7=1Q@mail.gmail.com> <CAFggDF3W7gznbhuv+N+am=_uR7VkrBf5qZn=hTTUyLXgzhDUFA@mail.gmail.com>
In-Reply-To: <CAFggDF3W7gznbhuv+N+am=_uR7VkrBf5qZn=hTTUyLXgzhDUFA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.38.164]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/yCUmDnpuxNjc8fp2BKkEvuviYcc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 15:46:10 -0000

>Again, I'm surprised that no one is attacking the crypto design that Bryan offered...

They are.  Security is about trade-offs, and the questions have been if the benefit is worth the complexity.  People are assuming that it works.

v2.14.0 | Report a Bug | By Email