[TLS] TLS 1.3 and max_fragment_length

2017-03-13 Thread Martin Thomson 
When we added padding to TLS 1.3, we created an ambiguity with the
max_fragment_length extension.

Does the limit apply to len(TLSInnerPlaintext) or does it apply to
len(TLSInnerPlaintext.content) (i.e., TLSPlaintext.length)?  That is,
does is include the padding and content type, or not?

Including the padding would recognize the limitations apply to
handling large blobs of encrypted data (see earlier email from Thomas
Pornin).  That would be my preference.  I think that we need to say
that though.  I guess the second-order question is whether to roll
RFC6066-bis or patch these things in TLS 1.3 directly.

(BTW, RFC 6066 is quite poor.  It's not very precise in identifying
what it is talking about, it also describes a negotiation design
unlike anything else in TLS, one that can't be extended ever.)

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Interest in draft-sullivan-tls-exported-authentication

2017-03-13 Thread Brian Sniffen 
Can you help me understand what this means?

  servers that are authoritative for multiple domains the same
  connection but do not have a certificate that is simultaneously
  authoritative for all of them

I'm sure there's a word or two missing between "domains" and "the" in
the first line, but I'm not sure what they are.


More generally, it's great to see a replacement for renegotiation.  Can
you expand (maybe just here?) on the last paragraph of the security
considerations?  I think you mean that the sender of an authenticator
can't tell when it was received & understood.  But I'm not sure the
receiver can tell when it was sent---say, in the case of a smartcard
insertion, or access to a key from satisfying some local attestation
scheme, whether that key access precedes or follows the sending of a
request.

-Brian

Nick Sullivan  writes:

> All,
>
> I have updated the draft in preparation for the IETF 98:
> https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-01
>
> The details of the protocol haven't changed, but I've included some
> security considerations after speaking with Karthikeyan Bhargavan and
> others about the cryptographic soundness of the construction.
>
> Nick
>
> On Tue, Jan 3, 2017 at 8:59 PM Joseph Salowey  wrote:
>
>> There seemed to be support for draft-sullivan-tls-exported-authentication
>> (https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00)
>> in Seoul.   Since there has not been much discussion of this draft on the
>> list we are giving the working group a chance to review the draft before
>> calling for adoption later this month.
>>
>> Cheers,
>>
>> J
>> ___
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

-- 
Brian Sniffen
Akamai Technologies

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] Interest in draft-sullivan-tls-exported-authentication

2017-03-13 Thread Nick Sullivan 
All,

I have updated the draft in preparation for the IETF 98:
https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-01

The details of the protocol haven't changed, but I've included some
security considerations after speaking with Karthikeyan Bhargavan and
others about the cryptographic soundness of the construction.

Nick

On Tue, Jan 3, 2017 at 8:59 PM Joseph Salowey  wrote:

> There seemed to be support for draft-sullivan-tls-exported-authentication
> (https://tools.ietf.org/html/draft-sullivan-tls-exported-authenticator-00)
> in Seoul.   Since there has not been much discussion of this draft on the
> list we are giving the working group a chance to review the draft before
> calling for adoption later this month.
>
> Cheers,
>
> J
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] Updated DTLS draft

2017-03-13 Thread Eric Rescorla 
I have just posted a new version of the DTLS 1.3 draft, updated for
draft-19.
It's still very rough with a lot of open issues (some of which are even
noted
in the draft), and no doubt contains egregious errors.

https://tools.ietf.org/html/draft-rescorla-tls-dtls13-01

As usual, comments welcome.

-Ekr
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] I-D Action: draft-ietf-tls-rfc4492bis-15.txt

2017-03-13 Thread internet-drafts 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security of the IETF.

Title   : Elliptic Curve Cryptography (ECC) Cipher Suites for 
Transport Layer Security (TLS) Versions 1.2 and Earlier
Authors : Yoav Nir
  Simon Josefsson
  Manuel Pegourie-Gonnard
Filename: draft-ietf-tls-rfc4492bis-15.txt
Pages   : 33
Date: 2017-03-13

Abstract:
   This document describes key exchange algorithms based on Elliptic
   Curve Cryptography (ECC) for the Transport Layer Security (TLS)
   protocol.  In particular, it specifies the use of Ephemeral Elliptic
   Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the
   use of Elliptic Curve Digital Signature Algorithm (ECDSA) and Edwards
   Digital Signature Algorithm (EdDSA) as authentication mechanisms.

   This document obsoletes and replaces RFC 4492.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-rfc4492bis/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-15

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-rfc4492bis-15


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Re: [TLS] WGLC: draft-ietf-tls-tls13-19

2017-03-13 Thread Eric Rescorla 
Note to Ilari: I have already taken your email as WGLC comments, so no need
to
re-send.

-Ekr


On Mon, Mar 13, 2017 at 10:30 AM, Sean Turner  wrote:

> This is a working group last call announcement for
> draft-ietf-tls-tls13-19, to run through March 27.  Please send your reviews
> to the list as soon as possible so we can prepare for any discussion of
> open issues at IETF 98 in Chicago.
>
> Thanks,
> J
> ___
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

[TLS] WGLC: draft-ietf-tls-tls13-19

2017-03-13 Thread Sean Turner 
This is a working group last call announcement for draft-ietf-tls-tls13-19, to 
run through March 27.  Please send your reviews to the list as soon as possible 
so we can prepare for any discussion of open issues at IETF 98 in Chicago.  

Thanks,
J
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls