Re: [TLS] Removing the "hint" from the Session Ticket Lifetime hint
Subodh Iyengar <subodh@fb.com> Tue, 23 February 2016 18:47 UTC
Return-Path: <prvs=1861dc1685=subodh@fb.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 481D41A21BC for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 10:47:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.377
X-Spam-Level:
X-Spam-Status: No, score=-0.377 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tphG2rY8lJZV for <tls@ietfa.amsl.com>; Tue, 23 Feb 2016 10:47:51 -0800 (PST)
Received: from mx0b-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31F871A1BE9 for <tls@ietf.org>; Tue, 23 Feb 2016 10:47:51 -0800 (PST)
Received: from pps.filterd (m0001255.ppops.net [127.0.0.1]) by mx0b-00082601.pphosted.com (8.15.0.59/8.15.0.59) with SMTP id u1NIkvVJ001791; Tue, 23 Feb 2016 10:47:42 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=pULj0/fuBsuhYUaBHqLYhIprRMY60rOQdX1WF5YsJyY=; b=JVnalJbJ5hVqlo6W5ws/ADUJEwOhr8RZgg4GT28n8G4LMMegmjRM8+qirOlIb7iUmKyz 0PLMMDzxBDO/eHI6UPn6DNJf1Wi3JTJEcyCwXT4YZE+vbm8/cPFA63UihGIetF4wz3qb jfALgTgjEolqJM0FIN+Bzd+EitAb6aXnY6I=
Received: from mail.thefacebook.com ([199.201.64.23]) by mx0b-00082601.pphosted.com with ESMTP id 2189n8usea-2 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 23 Feb 2016 10:47:42 -0800
Received: from PRN-MBX01-4.TheFacebook.com ([169.254.3.151]) by PRN-CHUB07.TheFacebook.com ([fe80::d38:43fc:554e:146a%12]) with mapi id 14.03.0248.002; Tue, 23 Feb 2016 10:46:34 -0800
From: Subodh Iyengar <subodh@fb.com>
To: Benjamin Kaduk <bkaduk@akamai.com>, Nick Sullivan <nick@cloudflare.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Removing the "hint" from the Session Ticket Lifetime hint
Thread-Index: AQHRbmGau7ZdmtJqV0qE3JnbE5+PR586fYiA//96DoA=
Date: Tue, 23 Feb 2016 18:46:34 +0000
Message-ID: <974CF78E8475CD4CA398B1FCA21C8E99564E774A@PRN-MBX01-4.TheFacebook.com>
References: <CAFDDyk_dFOwv=GiQY7FdPqVcBR2ynN1fg0FzU8LeiYVDFPgArQ@mail.gmail.com>, <56CCA853.4070601@akamai.com>
In-Reply-To: <56CCA853.4070601@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.52.123]
Content-Type: multipart/alternative; boundary="_000_974CF78E8475CD4CA398B1FCA21C8E99564E774APRNMBX014TheFac_"
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-02-23_10:, , signatures=0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/zBXFRhnN45lMR57j6ttMJ5DKeCI>
Subject: Re: [TLS] Removing the "hint" from the Session Ticket Lifetime hint
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2016 18:47:53 -0000
One other proposal which is related is to make server config have relative time as well instead of absolute time. If we don't make this relative this expiration time might not be practically enforceable due to clock skew. This enforcement is relevant in situations where compromise of the ephemeral server config key is not the same as compromising the long term private key, for example in a SSL key offloading infrastructure. I do not think relative time introduces any new threats because the server still needs to prove possession of the private key to make new clients accept a server config. Thus a compromise of a server config key should only affect the initial data of clients who have cached a config modulo relative expiration time. Subodh Iyengar ________________________________ From: TLS [tls-bounces@ietf.org] on behalf of Benjamin Kaduk [bkaduk@akamai.com] Sent: Tuesday, February 23, 2016 10:43 AM To: Nick Sullivan; tls@ietf.org Subject: Re: [TLS] Removing the "hint" from the Session Ticket Lifetime hint On 02/23/2016 11:42 AM, Nick Sullivan wrote: My proposed change is to change the session ticket lifetime hint to a strict lifetime along the lines of the ServerConfiguration: But leave it as a relative time, contrasting the absolute expiration time of the server configuration -- why not go for full-out parallelism? -Ben ticket_lifetime Indicates the lifetime in seconds as a 32-bit unsigned integer in network byte order from the time of ticket issuance. Servers MUST NOT use any value more than 604800 seconds (7 days). The value of zero indicates that the ticket should be discarded immediately. Clients MUST NOT cache session tickets for longer than 7 days, regardless of the ticket_lifetime. It MAY delete the ticket earlier based on local policy. A server MAY treat a ticket as valid for a shorter period of time than what is stated in the ticket_lifetime. The full change is on Github as a pull request: https://github.com/tlswg/tls13-spec/pull/424<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_tlswg_tls13-2Dspec_pull_424&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=S4CFPnNBaB7swATOHOzQkIlnUwgvBaVelRwg-VJzz-g&s=IsvSLMYBUZf_IWLI_bWWg7vpIQk-qSFCzIvsMw7in_I&e=>
- [TLS] Removing the "hint" from the Session Ticket… Nick Sullivan
- Re: [TLS] Removing the "hint" from the Session Ti… Benjamin Kaduk
- Re: [TLS] Removing the "hint" from the Session Ti… Subodh Iyengar
- Re: [TLS] Removing the "hint" from the Session Ti… Martin Thomson
- Re: [TLS] Removing the "hint" from the Session Ti… Russ Housley
- Re: [TLS] Removing the "hint" from the Session Ti… Salz, Rich
- Re: [TLS] Removing the "hint" from the Session Ti… Martin Rex
- Re: [TLS] Removing the "hint" from the Session Ti… Salz, Rich
- Re: [TLS] Removing the "hint" from the Session Ti… Viktor Dukhovni
- Re: [TLS] Removing the "hint" from the Session Ti… Subodh Iyengar