Re: [TLS] Rethink TLS 1.3

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 28 November 2014 08:45 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8ED041A1AC6 for <tls@ietfa.amsl.com>; Fri, 28 Nov 2014 00:45:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.51
X-Spam-Level:
X-Spam-Status: No, score=-1.51 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KIbX1wblRaMg for <tls@ietfa.amsl.com>; Fri, 28 Nov 2014 00:45:05 -0800 (PST)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B90941A1ABB for <tls@ietf.org>; Fri, 28 Nov 2014 00:45:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1417164305; x=1448700305; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=uju8MCtFb25UamDLbAze8ESxMpvP3rGBjp2uwjLYoq8=; b=pv3pGXRnvU6H7t7REU1ATvzPcMiM+a7Zk2FPeiYebRorx/j/liV480Jg a7og+QwvV4wF4VRxkFDdabI+axgP9dcacoTqumcKzf+xJKNtpPjgRMSqm YrRtV8PKZk39SGn8Fn9++Q1JN4Gmfi6O3YFZBJlbUtj+T+l51LXPLsmek A=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="293657030"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 28 Nov 2014 21:45:01 +1300
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.139]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.03.0174.001; Fri, 28 Nov 2014 21:45:01 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Rethink TLS 1.3
Thread-Index: AdAK55gq4jkCFYQCTFqXPvK/jKPC5w==
Date: Fri, 28 Nov 2014 08:45:00 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9F68FC@uxcn10-tdc05.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/zyFYw8a5UuKl2BlxKF0SbiH2Q1A
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2014 08:45:10 -0000

Nico Williams <nico@cryptonector.com>; writes:
>On Tue, Nov 25, 2014 at 6:28 PM, Peter Gutmann
><pgut001@cs.auckland.ac.nz>; wrote:
>> Exactly.  The Internet Threat Model is frequently referred to, but I have no
>> idea what it actually is.  AFAIK it's either:
>>
>>   "I'm OK, you're OK, and the network is the problem".
>>
>> a quaint relic from the 1980s that hasn't been relevant for 15-20 years
>
>Yes, it's quaint.  It's also as best we can do, unless...

If that's the best we can do then it's better to have no threat model at all
than something that misleading, because all it's doing is giving a false sense
of security.  It doesn't even begin to capture semantics like:

  Alice will perform arbitrary scripted operations at the request of Mallory,
  directed against herself and/or Bob.

a standard feature of every web browser out there.  As a model against which
to measure the security of an application or implementation, it's only
slightly less useless than nothing at all.

Peter.