Re: [TLS] Unifying tickets and sessions

Richard Fussenegger <richard@fussenegger.info> Thu, 23 October 2014 22:52 UTC

Message-ID: <544986A3.6010801@fussenegger.info>
Date: Fri, 24 Oct 2014 00:52:19 +0200
From: Richard Fussenegger <richard@fussenegger.info>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: tls@ietf.org
References: <2A0EFB9C05D0164E98F19BB0AF3708C71D3A8C48AF@USMBX1.msg.corp.akamai.com> <CAK3OfOj9bZcSDdWhHGeGT0STg6XBkYaExW+rQFN-FFE4oaPLrw@mail.gmail.com> <54483C33.4000702@polarssl.org> <11886639.VyNDkQ3oKj@pintsize.usersys.redhat.com> <54493904.7010807@fussenegger.info> <20141023174537.GW19158@mournblade.imrryr.org> <5449463D.7080904@fussenegger.info> <20141023183637.GX19158@mournblade.imrryr.org> <54494F20.7060002@fussenegger.info> <20141023200702.GZ19158@mournblade.imrryr.org>
In-Reply-To: <20141023200702.GZ19158@mournblade.imrryr.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms040700050005050509010106"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/yrWuWoMek-uiJRGcf5UAwyFCvPs
Subject: Re: [TLS] Unifying tickets and sessions
Precedence: list

On 10/23/2014 10:07 PM, Viktor Dukhovni wrote:
> On Thu, Oct 23, 2014 at 08:55:28PM +0200, Richard Fussenegger wrote:
>> I didn't implement it but nginx requires 48 B otherwise it's not working and
>> that's definitely more than only key and mac. Maybe the complete thing is
>> broken in nginx then? [1]
>
> The reason nginx has 48 bytes is that it stores a 16 byte name,
> followed by a 16-byte (AES-128) key and a 16-byte HMAC secret.

Oh silly me, I could have found that myself: 
https://github.com/nginx/nginx/blob/master/src/event/ngx_event_openssl.h#L99-L107

> Postfix uses 16 + 32 + 32 = 80, because the key is for AES-256 and
> the HMAC key for SHA2-256 is also chosen to be 256 bits.
>
> The nginx implementation can be "strengthened" from AES-128 to
> AES-256 just in case someone wants to burn a few million years of
> a 4GW power plant to brute force a session ticket on a classical
> computer, or future quantum computers can search a 2^128 key space
> in 2^64 time.

But then nginx needs additional code, as you wrote earlier. It would be 
better (and that's also what the nginx devs want) if the library takes 
care of all that. Right now nginx has not a single line of code for 
session tickets (beside that function for external key sets). Well, we 
can only hope that you might take care of that and commit some OpenSSL 
code. ;-)

Richard

Attachment: smime.p7s

[TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Brian Smith
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Martin Thomson
Re: [TLS] Unifying tickets and sessions Brian Smith
Re: [TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Richard Fussenegger, BSc
Re: [TLS] Unifying tickets and sessions Martin Thomson
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions David Leon Gil
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions David Leon Gil
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Ryan Carboni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Ryan Carboni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Salz, Rich
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Martin Thomson
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Aaron Zauner
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Manuel Pégourié-Gonnard
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Aaron Zauner
Re: [TLS] Unifying tickets and sessions Douglas Stebila
Re: [TLS] Unifying tickets and sessions Blumenthal, Uri - 0558 - MITLL
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Stephen Checkoway
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Viktor Dukhovni
Re: [TLS] Unifying tickets and sessions Richard Fussenegger
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Joseph Salowey
Re: [TLS] Unifying tickets and sessions Hubert Kario
Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
Re: [TLS] Unifying tickets and sessions Nico Williams
Re: [TLS] Unifying tickets and sessions Daniel Kahn Gillmor
Re: [TLS] Unifying tickets and sessions David Leon Gil

Re: [TLS] Unifying tickets and sessions

Attachment: smime.p7s