Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt
Michael D'Errico <mike-list@pobox.com> Fri, 04 May 2012 18:49 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2BA621F8575 for <tls@ietfa.amsl.com>; Fri, 4 May 2012 11:49:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bSC1qcHJuZ9F for <tls@ietfa.amsl.com>; Fri, 4 May 2012 11:49:20 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-sd.pobox.com [74.115.168.62]) by ietfa.amsl.com (Postfix) with ESMTP id 05FD621F856F for <tls@ietf.org>; Fri, 4 May 2012 11:49:19 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 163E496D3; Fri, 4 May 2012 14:49:18 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=+OdH86yA0aJv PGp6+8gY4/+fEvU=; b=duLbIcB2DhfNXioHWVSGn56w9VGkfC35y1TfYQVt6LQY l0D9w7ruKO1oS7Qsy59w1vmKTSQBRx0ekfGTOH4oQAMPB6MbTJTfDRLeA39cJj9l ehSsjTxnMzsMcrLuFDXZJVJGBHApf3l3S9LCjLY5826HTWHMMBQ7sl/RtV7aYY8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=w8cloq xAWSaTfCg9shMp+mQoBCJNqE2p6bQninIudVRrflliRMWQhHfkunTybSwPhggp/g sySVYTW4Moz379TuyTnIxCyCdW1OWtRB2Hk8EWtYE1jETblGCSqFbBNwZ8KoQsAB Lzu0hFdDYNfhLwRZsBmkWcPOGw3XaNtv3ueV0=
Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 0E5AC96D2; Fri, 4 May 2012 14:49:18 -0400 (EDT)
Received: from iMac.local (unknown [68.104.126.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 4845296D1; Fri, 4 May 2012 14:49:17 -0400 (EDT)
Message-ID: <4FA424A3.2010409@pobox.com>
Date: Fri, 04 May 2012 11:49:07 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: Marsh Ray <marsh@extendedsubset.com>
References: <4FA401F7.5060003@extendedsubset.com>
In-Reply-To: <4FA401F7.5060003@extendedsubset.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Pobox-Relay-ID: DA130642-9619-11E1-8C7B-8BEB728A0A4D-38729857!a-pb-sasl-sd.pobox.com
Cc: tls@ietf.org
Subject: Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2012 18:49:21 -0000
Was it intentional to leave out the ChangeCipherSpecs that immediately precede Finished? I think they still need to be there. Mike Marsh Ray wrote: > > I would appreciate it if the participants of the TLS WG will give this > draft a reading and serious consideration to taking it up as a work item: > > ------------------------------ > http://datatracker.ietf.org/doc/draft-ray-tls-encrypted-handshake/ > > A new version of I-D, draft-ray-tls-encrypted-handshake-00.txt has been > successfully submitted by Marsh Ray and posted to the IETF repository. > > Filename: draft-ray-tls-encrypted-handshake > Revision: 00 > Title: Transport Layer Security (TLS) Encrypted Handshake > Creation date: 2012-05-04 > WG ID: Individual Submission > Number of pages: 18 > Abstract: > This specification defines a Transport Layer Security (TLS) extension > which allows endpoints to negotiate the use of encryption with > forward secrecy at the beginning of the handshake. Two levels of > functionality are defined. Implementations are free to support one > or both levels, with the first level incurring no additional > computational or round-trip overhead. The TLS cryptographic > calculations are unchanged. > ------------------------------ > > This draft is motivated by the discussions in recent weeks, when some > related issues came up in a similar context: > > * AGL et al. have some particular requirements for the handshake when > using the NP(N)/SPDY feature. They really need confidentiality in > negotiating the next protocol but they cannot afford the overhead of > even one extra round trip (let alone renegotiation). I would like for > them to be able to implement NP(N) in an RFC-defined way. > > * When coupled with the RFC 4680 'TLS Handshake Message for Supplemental > Data' that Martin Rex pointed out, it provides a powerful and very > general way of negotiating features under encryption. It could possible > enable new features. > > * Alternatively, we could view this as a round-trip-saving optimization > for certain handshake operations that really do need encryption. > > * It allows to encrypt the client certificate without renegotiation, > magic cipher suite values, or a bunch of new protocol that isn't useful > for anything else. > > * I watched a fascinating presentation from the Tor project > https://www.youtube.com/watch?v=GwMr8Xl7JMQ > Unfortunately, they are having to minimize their dependence on TLS > because it's so easy to DoS selectively. I don't know if this proposal > will make TLS suitable for Tor again, but I do think it represents a > shortcoming of the protocol which deserves fixing. > > * There's simply no reason TLS needs to leak so much plaintext. > > * I believe it may help a little with the issue Nikos Mavrogiannopoulos > and I were discussing, where an attacker is able to trick the client > into interpreting the server's signed key exchange parameters as the > wrong type of structure. > > * To the implementers in the group: don't be fooled, it's not as big a > change as it looks! I just tried to be extra careful to describe it > step-by-step in the spec. Did I mention it doesn't change the crypto > calculations? > > Thanks, > > - Marsh
- [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Adam Langley
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Michael D'Errico
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Mohamad Badra
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Mohamad Badra
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Mohamad Badra
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Stephen Farrell
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Paul Hoffman
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Sylvester
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Sylvester
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Yoav Nir
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Martin Rex
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Saint-Andre
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Peter Sylvester
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Tom Ritter
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Adam Langley
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nico Williams
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Eric Rescorla
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Nikos Mavrogiannopoulos
- Re: [TLS] draft-ray-tls-encrypted-handshake-00.txt Marsh Ray