On Wednesday, 11 March 2020 9:10:56 AM CET Lukas Tribus wrote:
> Hello,
> 
> On Wed, 11 Mar 2020 at 08:32, Илья Шипицин <[email protected]> wrote:
> >> On 09.03.20 20:37, Lukas Tribus wrote:
> >> >> I think the wording from the patch is still quite relaxed :). One of 
> >> >> the best
> >> >> summaries describing the session ticket flaws, which I recommend is 
> >> >> this:
> >> >> https://blog.filippo.io/we-need-to-talk-about-session-tickets/
> >> > Nothing about this is a MITM attack. The point in the article is that
> >> > when the ticket-key is compromised, captured traffic can be passively
> >> > decrypted (which is what broken PFS means, as explained by the Apache
> >> > docs).
> >>
> >> take also this article, which clearly states that session tickets are
> >> vulnerable to replay attacks (which are a kind of MITM):
> >> https://eprint.iacr.org/2019/228.pdf
> >
> >
> >
> > major players of a big picture are 0RTT and session tickets.
> > indeed, if you wish to fight replay attacks, you cannot use 0RTT (also, you 
> > are supposed to maintain key rotation).
> >
> > as for key rotation, for unfamiliar people it is not clear why haproxy 
> > itself does not provide such rotation.
> > at least, it should be better documented.
> 
> Sure. But we are not gonna use the documentation to spread wrong
> information and FUD, based on partial, incorrect and out of context
> quotes.
> 
> We already explain the forward secrecy issue with TLS ticket
> resumption, just as we explain replay-attacks for TLSv1.3 0RTT. If
> anyone thinks this still needs improvement, feel free to send RFC
> patches based on FACTUAL information.
> 
> But let's stop making up things and then go on a fishing expedition
> to justify it.
> 
> 
> As for automatic key rotation features, I'm not aware of anyone doing
> this by default, except some niche projects (Caddy I believe does
> this). Not nginx, not Apache. These are features that someone has to
> actually develop.
> 
> 
> 
> -lukas
> 

+1 from me who had deployed TLS tickets across multiple HAProxy servers.
The people who experiment with these advanced features know very well the 
pros and cons.

My 2 cents,
Pavlos




