Re: [TLS] ticket lifetimes

2019-01-29 Thread Nikos Mavrogiannopoulos
On Tue, Jan 29, 2019 at 11:53 PM David Benjamin wrote: > On Tue, Jan 29, 2019 at 4:14 PM Subodh Iyengar wrote: > >> > Wouldn't this issue also be mitigated by requiring the server to >> re-authenticate during resumption with the certificate once in a while? >> >> I think it's probably just easie

Re: [TLS] ticket lifetimes

2019-01-29 Thread David Benjamin
Agreed. > Subodh > -- > *From:* David Benjamin > *Sent:* Tuesday, January 29, 2019 2:52 PM > *To:* Subodh Iyengar > *Cc:* Nick Sullivan; tls@ietf.org > > *Subject:* Re: [TLS] ticket lifetimes > On Tue, Jan 29, 2019 at 4:14 PM Subodh Iyengar wro

Re: [TLS] ticket lifetimes

2019-01-29 Thread Subodh Iyengar
e ticket lifetime. Subodh From: David Benjamin Sent: Tuesday, January 29, 2019 2:52 PM To: Subodh Iyengar Cc: Nick Sullivan; tls@ietf.org Subject: Re: [TLS] ticket lifetimes On Tue, Jan 29, 2019 at 4:14 PM Subodh Iyengar mailto:sub...@fb.com>> wrote: > Wou

Re: [TLS] ticket lifetimes

2019-01-29 Thread David Benjamin
t is willing to make vulnerable to a single session secret. We'd probably do something similar if we implemented TLS 1.3's plain psk_ke, but we only do psk_dhe_ke.) David > Subodh > -- > *From:* David Benjamin > *Sent:* Tuesday, January 29, 2019

Re: [TLS] ticket lifetimes

2019-01-29 Thread Subodh Iyengar
nt in BoringSSL. 😊 Fantastic. Would it help to have an extension to set a lower bound on this value, or just make it more painful? Subodh From: David Benjamin Sent: Tuesday, January 29, 2019 1:02 PM To: Nick Sullivan Cc: Subodh Iyengar; tls@ietf.org Subject: Re: [TL

Re: [TLS] ticket lifetimes

2019-01-29 Thread David Benjamin
tely write that >> up >> if people don't think it's the worst idea in the world. >> >> Subodh >> -- >> *From:* Christopher Wood >> *Sent:* Monday, January 28, 2019 10:13:36 PM >> *To:* Subodh Iyengar >> *Cc:* tls@ietf.org

Re: [TLS] ticket lifetimes

2019-01-29 Thread Nick Sullivan
8, 2019 10:13:36 PM > *To:* Subodh Iyengar > *Cc:* tls@ietf.org > *Subject:* Re: [TLS] ticket lifetimes > > On Mon, Jan 28, 2019 at 10:04 PM Subodh Iyengar wrote: > > > > > Since clients already store tickets, could they not also store the > > time of original ticket

Re: [TLS] ticket lifetimes

2019-01-29 Thread Subodh Iyengar
ristopher Wood Sent: Monday, January 28, 2019 10:13:36 PM To: Subodh Iyengar Cc: tls@ietf.org Subject: Re: [TLS] ticket lifetimes On Mon, Jan 28, 2019 at 10:04 PM Subodh Iyengar wrote: > > > Since clients already store tickets, could they not also store the > time of original ticket iss

Re: [TLS] ticket lifetimes

2019-01-28 Thread Christopher Wood
" you mean the resumed (and renewed) sessions, then yep! Best, Chris > > Subodh > > From: Christopher Wood > Sent: Monday, January 28, 2019 9:57 PM > To: Subodh Iyengar > Cc: tls@ietf.org > Subject: Re: [TLS] ticket lifetimes > > O

Re: [TLS] ticket lifetimes

2019-01-28 Thread Subodh Iyengar
? That is, not just limit it to the scope of the ticket but the entire TLS session? That would be fine by me, however it might break some folks. Subodh From: Christopher Wood Sent: Monday, January 28, 2019 9:57 PM To: Subodh Iyengar Cc: tls@ietf.org Subject: Re:

Re: [TLS] ticket lifetimes

2019-01-28 Thread Christopher Wood
On Mon, Jan 28, 2019 at 9:43 PM Subodh Iyengar wrote: > > In TLS 1.3 we added a maximum ticket lifetime of 7 days. This > had several original motivations, including reducing the time that a ticket is > reused (for privacy or PFS). Another major motivation for this was to limit > t

[TLS] ticket lifetimes

2019-01-28 Thread Subodh Iyengar
In TLS 1.3 we added a maximum ticket lifetime of 7 days. This had several original motivations, including reducing the time that a ticket is reused (for privacy or PFS). Another major motivation for this was to limit the exposure of servers that use keyless SSL-like mechanisms, i.e.
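The thread above discusses two related client-side checks: honouring the 7-day ticket_lifetime cap from RFC 8446 section 4.6.1, and (Subodh's proposal) having the client remember the time of the original full handshake so that a chain of renewed tickets cannot extend a session indefinitely. The following is an added example written for this page, not code from the thread, from BoringSSL or from any other TLS implementation. The `Ticket` record, the `chain_origin` bookkeeping and the `MAX_CHAIN_LIFETIME` cap are assumptions about how a client might implement the proposal; the ticket_age obfuscation formula is the one in RFC 8446 section 4.2.11. All sample tickets are constructed inline.

```python
"""Client-side resumption ticket cache that bounds the age of a ticket *chain*.

Added example, not code from the mailing-list thread or any TLS library.
Times are integer seconds on the client's monotonic-ish clock.
"""
from dataclasses import dataclass

DAY = 24 * 3600
# RFC 8446 s.4.6.1: servers MUST NOT advertise more than 604800 seconds and
# clients MUST NOT cache a ticket for longer than that.
MAX_TICKET_LIFETIME = 7 * DAY
# Assumed policy (the proposal from the thread): bound the time since the last
# full handshake, regardless of how many renewed tickets were issued since.
MAX_CHAIN_LIFETIME = 7 * DAY


@dataclass(frozen=True)
class Ticket:
    label: str            # stands in for the opaque ticket bytes
    issued_at: int        # client clock when NewSessionTicket arrived
    ticket_lifetime: int  # server-advertised lifetime in seconds
    ticket_age_add: int   # server-chosen 32-bit obfuscation value
    chain_origin: int     # client clock of the full handshake that started this chain

    @property
    def effective_lifetime(self) -> int:
        """Clamp whatever the server said to the RFC 8446 maximum."""
        return min(self.ticket_lifetime, MAX_TICKET_LIFETIME)

    def ticket_age_ms(self, now: int) -> int:
        return (now - self.issued_at) * 1000

    def obfuscated_ticket_age(self, now: int) -> int:
        """RFC 8446 s.4.2.11: (ticket_age_ms + ticket_age_add) mod 2^32."""
        return (self.ticket_age_ms(now) + self.ticket_age_add) % (1 << 32)


def ticket_from_full_handshake(label: str, now: int, lifetime: int, age_add: int) -> Ticket:
    """A ticket received on a full (certificate-authenticated) handshake starts a new chain."""
    return Ticket(label, now, lifetime, age_add, chain_origin=now)


def ticket_from_resumed_handshake(label: str, now: int, lifetime: int, age_add: int,
                                  resumed_with: Ticket) -> Ticket:
    """A ticket received on a resumed handshake inherits the chain origin instead of
    restarting the clock; this is what makes the chain cap enforceable."""
    return Ticket(label, now, lifetime, age_add, chain_origin=resumed_with.chain_origin)


def usable_for_resumption(t: Ticket, now: int, enforce_chain_cap: bool = True) -> bool:
    """Return True if the client should offer this ticket as a PSK right now."""
    if now < t.issued_at:
        return False  # clock went backwards; the computed age would be garbage
    if t.ticket_lifetime == 0:
        return False  # RFC 8446: lifetime 0 means discard the ticket immediately
    if now - t.issued_at > t.effective_lifetime:
        return False  # past the (clamped) per-ticket lifetime
    if enforce_chain_cap and now - t.chain_origin > MAX_CHAIN_LIFETIME:
        return False  # too long since the last full handshake, even though the ticket is fresh
    return True


def demo() -> dict:
    """Walk one chain through a renewal and report the decisions at each point."""
    # Constructed sample: server advertises 30 days, which the client must clamp to 7.
    a = ticket_from_full_handshake("A", now=0, lifetime=30 * DAY, age_add=0x1234)
    # Resume on day 5 and receive a renewed ticket B with a fresh 7-day lifetime.
    b = ticket_from_resumed_handshake("B", now=5 * DAY, lifetime=7 * DAY, age_add=0, resumed_with=a)
    return {
        "a_effective_lifetime": a.effective_lifetime,
        "a_usable_day5": usable_for_resumption(a, 5 * DAY),
        "a_usable_day8": usable_for_resumption(a, 8 * DAY),
        # B is only 4 days old on day 9, but the chain is 9 days old.
        "b_usable_day9_with_cap": usable_for_resumption(b, 9 * DAY),
        "b_usable_day9_no_cap": usable_for_resumption(b, 9 * DAY, enforce_chain_cap=False),
        "b_usable_day12_plus_1s_no_cap": usable_for_resumption(b, 12 * DAY + 1, enforce_chain_cap=False),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Without the `chain_origin` field, ticket B looks perfectly fresh on day 9 and the session keeps rolling forward for as long as the server keeps renewing; with it, the client forces a full handshake (and so a fresh certificate signature from the keyless-SSL key server) once the chain is older than the cap. The obfuscation helper is there because a client that rejects stale tickets still has to send a correct `obfuscated_ticket_age` for the ones it does offer.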