Re: [TLS] More clarity on resumption and session hash

Karthikeyan Bhargavan <karthikeyan.bhargavan@inria.fr> Tue, 26 May 2015 06:17 UTC

Return-Path: <karthikeyan.bhargavan@inria.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DFF21A8912 for <tls@ietfa.amsl.com>; Mon, 25 May 2015 23:17:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.56
X-Spam-Level:
X-Spam-Status: No, score=-6.56 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vf_wurpSrHiR for <tls@ietfa.amsl.com>; Mon, 25 May 2015 23:17:19 -0700 (PDT)
Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A5F11A88E1 for <tls@ietf.org>; Mon, 25 May 2015 23:17:18 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.13,496,1427752800"; d="asc'?scan'208";a="127769763"
Received: from 14.92.69.86.rev.sfr.net (HELO [192.168.1.44]) ([86.69.92.14]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES128-SHA; 26 May 2015 08:17:16 +0200
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_28C16D35-3565-4FBA-A3AF-63C3A174AD05"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5b6
From: Karthikeyan Bhargavan <karthikeyan.bhargavan@inria.fr>
In-Reply-To: <CABkgnnVYu-YVQ9WkV_pi8R94dAmXSC9FrJ37iFRV=E4OxJyHTg@mail.gmail.com>
Date: Tue, 26 May 2015 08:17:15 +0200
Message-Id: <065E8B97-8EA0-4C6B-84B4-955648C329BE@inria.fr>
References: <CABcZeBM9UGZoifzDZZ3METMJJHa1ueX9CdHiccYTDW5UVC3RrA@mail.gmail.com> <CABkgnnVYu-YVQ9WkV_pi8R94dAmXSC9FrJ37iFRV=E4OxJyHTg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ysZpozQPVfkMtpXvb0HazW5xS4s>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] More clarity on resumption and session hash
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2015 06:17:21 -0000

The feedback we’ve been getting on the draft has been to try and preserve interoperability
with legacy clients and servers (even more than the current draft.)
Considering this goal, aborting seems harsh.

Best,
Karthik

On 26 May 2015, at 07:03, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 25 May 2015 at 10:35, Eric Rescorla <ekr@rtfm.com> wrote:
>> The two main options appear to be:
>> 
>>    1. Fall back to a full handshake.
>>    2. Abort the connection
>> 
>> The argument for the first appears to be interop. The argument for the
>> second appears to be that it's likely there is an error or a mid-flight
>> reconfiguration on the client (which seems not good). My mild preference
>> is for abort but I think it's important in any case that the draft be
>> clear.
> 
> 
> I'd prefer the second two.  That is, unless someone can come up with a
> legitimate scenario where the former is needed.
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls