Re: [TLS] 0-RTT and Anti-Replay
Martin Thomson <martin.thomson@gmail.com> Mon, 23 March 2015 14:42 UTC
On 23 March 2015 at 07:26, Colm MacCárthaigh <colm@allcosts.net> wrote:
> I haven't been able to get my head around this. Doesn't that mean that
> an attacker can disable 0RTT for third parties at will?

To the extent that they can create connections that use 0RTT, yes.

And yes, narrowing the window means that clients need clocks that are increasingly better synchronized to that of the server if they are to succeed under these sorts of conditions.