starting on tls 1 3
play

Starting on TLS 1.3 Eric Rescorla ekr@rtfm.com IETF 85 Random - PowerPoint PPT Presentation

Sep 15, 2023 •49 likes •269 views

Starting on TLS 1.3 Eric Rescorla ekr@rtfm.com IETF 85 Random CNAMEs 1 Reminder: Objectives Encrypt as much of the handshake as possible Reduce handshake latency, with a target of 0-RTT for repeated handshakes and 1-RTT for full

  1. Starting on TLS 1.3 Eric Rescorla ekr@rtfm.com IETF 85 Random CNAMEs 1

  2. Reminder: Objectives • Encrypt as much of the handshake as possible • Reduce handshake latency, with a target of 0-RTT for repeated handshakes and 1-RTT for “full” handshakes • Reevaluate handshake contents • Reevaluate record protection mechanisms (not discussed here) IETF 85 Random CNAMEs 2

  3. Rough time allocation Time Topic 30 New handshake flows 7 Should we allow renegotiation 7 Should we stop supporting RSA? 7 Should we get rid of resumption? 7 Random sizes 2 Other? IETF 85 Random CNAMEs 3

  4. New Handshake Flows • Almost nothing here is new • Ideas cribbed from – False Start – Snap Start – NPN – Marsh Ray’s encrypted handshake draft – A bunch of other people • Writeup in: draft-rescorla-tls13-new-flows – Just posted (sorry about that!) IETF 85 Random CNAMEs 4

  5. DISCLAIMER DISCLAIMER: THIS IS A VERY ROUGH DRAFT. EVERYTHING HERE IS SUPER-HANDWAVY AND HASN’T REALLY HAD ANY SECURITY ANALYSIS. I DON’T PROMISE IT’S NOT VERY VERY WRONG BUT I WANTED TO BE ABLE TO HAVE AN EARLY DISCUSSION ABOUT DIRECTION. IETF 85 Random CNAMEs 5

  6. Reminder: TLS 1.2 Full Handshake ClientHello --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] {Finished} --------> [ChangeCipherSpec] <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 6

  7. Reminder: TLS 1.2 Resumed Handshake ClientHello --------> ServerHello [ChangeCipherSpec] <-------- {Finished} [ChangeCipherSpec] {Finished} --------> {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 7

  8. Reminder: False Start ClientHello --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] {Finished} {Application Data} --------> [ChangeCipherSpec] <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 8

  9. Warm-up: Fast Track (sort-of) ClientHello + CI ClientKeyExchange --------> ServerHello + CI Certificate* ServerKeyExchange* ServerHelloDone [ChangeCipherSpec] <-------- {Finished} [ChangeCipherSpec] {Finished} {Application Data} --------> {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 9

  10. Warm-up: Falling back under prediction failure ClientHello + CI ClientKeyExchange --------> ServerHello Certificate* ServerKeyExchange* CertificateRequest* <-------- ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] {Finished} --------> [ChangeCipherSpec] <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 10

  11. Reduced RT handshake with privacy ClientHello + CI ClientKeyExchange --------> ServerHello[1] + CI ServerKeyExchange* [ChangeCipherSpec] {ServerHello[2]} {Certificate*} {CertificateRequest*} {ServerHelloDone} <-------- {AlmostFinished} [ChangeCipherSpec] {Certificate*} {CertificateVerify*} {Finished} {Application Data} --------> <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 11

  12. Reduced RT handshake with privacy ClientHello[1] + CI ClientKeyExchange --------> ServerHello[1] <-------- ServerKeyExchange* ClientHello[2] + CI // For consistency ClientKeyExchange [ChangeCipherSpec] {ClientHello[3]} --------> [ChangeCipherSpec] {ServerHello} {Certificate*} {ServerKeySignature*} {CertificateRequest*} {ServerHelloDone} <-------- {AlmostFinished} {Certificate*} {CertificateVerify*} {Finished} {Application Data} --------> <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 12

  13. Zero RT Handshake (resumed) ClientHello + CI + AR [ChangeCipherSpec] {Finished} {Application Data} --------> ServerHello + CI + AR [ChangeCipherSpec] <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 13

  14. Zero RT Handshake (non-resumed) ClientHello[1] + CI + AR ClientKeyExchange {ClientHello[2]} [ChangeCipherSpec] {Certificate*} {CertificateVerify*} {Finished} {Application Data} --------> ServerHello[1] [ChangeCipherSpec] {ServerHello[2]} {ServerHelloDone} <-------- {Finished} {Application Data} <-------> {Application Data} IETF 85 Random CNAMEs 14

  15. Zero-RTT Fallback Options • How many fallback options should we have? • Potentially – 0RTT resumed → 0RTT non-resumed → 1RTT Fast Track → Full handshake • This seems awful complicated – Both for specification and for client IETF 85 Random CNAMEs 15

  16. PFS just got complicated • Resumption obviously doesn’t provide PFS • But even the non-resumed handshake doesn’t provide it – Because it assumes a static server public key • Options – Do a rehandshake – Have a two-phase handshake with the server supplying a key and client cuts over IETF 85 Random CNAMEs 16

  17. Handwaving ClientHello[1] + CI + AR ClientKeyExchange {ClientHello[2]} [ChangeCipherSpec] {Finished} {Application Data} --------> ServerHello[1] [ChangeCipherSpec] {ServerHello[2]} {Certificate} {ServerKeyExchange} {ServerHelloDone} <-------- {{Finished}} {{Application Data}} <-------> {{Application Data}} IETF 85 Random CNAMEs 17

  18. Should we remove renegotation? • Raised by a number of people on the list • Arguments for – Obvious point of complexity – We’ve had problems here before • Arguments against – Change parameters – PFS refresh/rekey – To prevent cipher exhaustion (other ways to fix this) – Are we breaking people’s actual applications • Discuss. IETF 85 Random CNAMEs 18

  19. Should we stop supporting RSA? • Obviously suboptimal performance characteristics • Complexity – Doesn’t match the PFS pattern – See the handshakes above • But everyone uses it... – And they have RSA certificates – Nice to have options – Discuss. IETF 85 Random CNAMEs 19

  20. Should we remove resumption? • Servers have gotten a lot faster – As have our cipher suites • Arguments for – Remove complexity • Arguments against – People definitely use it – And not everyone has gone to EC – Some devices have gotten much slower (DICE) • Discuss. IETF 85 Random CNAMEs 20

  21. Random values • Current random values are (allegedly) 4 bytes of time and 28 bytes of randomness • Make them shorter – Reduce entropy leakage from the PRNG – Is there an easier way to do this, e.g., separate PRNGs? • Make them longer – Still waiting for a security analysis here • Remove time – Potential fingerprinting service – But maybe useful for some stuff – Compatibility questions probably not a big issue • Discuss. IETF 85 Random CNAMEs 21

  22. Other topics? IETF 85 Random CNAMEs 22

Recommend

E L E C T R I C V E H I C L E S | M A I N S T R E A M &amp; A F F O R D A B L E Starting at

E L E C T R I C V E H I C L E S | M A I N S T R E A M &amp; A F F O R D A B L E Starting at

E L E C T R I C V E H I C L E S | M A I N S T R E A M &amp; A F F O R D A B L E Starting at $35,000 Tesla Model 3 reservations are currently over 373,000 E V S A L E S A R E G R O W I N G E V E R Y Y E A R S O U R C E : G L O B A L

588 views • 9 slides
School Starting Time Steering Committee May 16, 2017 Tonights Agenda School Starting Time

School Starting Time Steering Committee May 16, 2017 Tonights Agenda School Starting Time

Garden City Public Schools Report of the School Starting Time Steering Committee May 16, 2017 Tonights Agenda School Starting Time Steering Committee The Committees recommendations Background Committee activities Survey

329 views • 28 slides
Introduction In 2001, number of women starting in CS at UIUC was ridiculously low: 9%; way

Introduction In 2001, number of women starting in CS at UIUC was ridiculously low: 9%; way

Introduction In 2001, number of women starting in CS at UIUC was ridiculously low: 9%; way lower than fraction of women among faculty, or among students starting in mechanical engineering; retention was also worse than for men. Decided to

436 views • 29 slides
Beautiful Code in Rails 3 by Gregg Pollack Starting a new app New Router API ActionController

Beautiful Code in Rails 3 by Gregg Pollack Starting a new app New Router API ActionController

Beautiful Code in Rails 3 by Gregg Pollack Starting a new app New Router API ActionController - respond_with ActionMailer Syntax ActiveRelation (arel) ERB Strings Escaped Unobtrusive Javascript Starting a New App $ rails Usage: rails

593 views • 45 slides
1 3 1/3 1/3 yes no -22-19 wye-delta -22-20 auto- 2 2 transformer -22-21

1 3 1/3 1/3 yes no -22-19 wye-delta -22-20 auto- 2 2 transformer -22-21

IEV 411 Starting winding mains current % torque % interruption starting time critical method current % -22-18 direct - - - no no -22-26 series-parallel 1/2 1/4 1/4 yes no 1 3 1/3 1/3 yes no -22-19 wye-delta

832 views • 33 slides
UDL for Student Voices STARTING THE CONVERSATION Brooke Hessler, Learning Resources Bobby White,

UDL for Student Voices STARTING THE CONVERSATION Brooke Hessler, Learning Resources Bobby White,

2 February 2019 UDL for Student Voices STARTING THE CONVERSATION Brooke Hessler, Learning Resources Bobby White, Teaching Support Studio AGENDA UDL &amp; Chimeric Learners Starting with Names: Moodle profiles &amp; discussion boards

367 views • 19 slides
Experiences in starting measurement of services in Poland 31 ST VOORBURG GROUP MEETING CROATIA,

Experiences in starting measurement of services in Poland 31 ST VOORBURG GROUP MEETING CROATIA,

Experiences in starting measurement of services in Poland 31 ST VOORBURG GROUP MEETING CROATIA, 19-23 SEPTEMBER, 2016 CENTRAL STATISTICAL OFFICE OF POLAND TRADE AND SERVICES DEPARTMENT AGNIESZKA MATULSKA-BACHURA The starting and development of

643 views • 24 slides
Zalando. The Starting Point for Fashion. Q3 / 2019 Earnings Call October 31, 2019 Highlights

Zalando. The Starting Point for Fashion. Q3 / 2019 Earnings Call October 31, 2019 Highlights

Zalando. The Starting Point for Fashion. Q3 / 2019 Earnings Call October 31, 2019 Highlights and Business Update Strong financial performance driven by outstanding traffic and active customer growth Starting point strategy: Site visits

601 views • 20 slides
ST GEORGES STREET, CANTERBURY PROPOSED PUBLIC REALM IMPROVEMENTS The starting point

ST GEORGES STREET, CANTERBURY PROPOSED PUBLIC REALM IMPROVEMENTS The starting point

ST GEORGES STREET, CANTERBURY PROPOSED PUBLIC REALM IMPROVEMENTS The starting point Understanding the past is an important prelude to good design. In the Canterbury context the starting point is often looking back in history to understand

499 views • 20 slides
We will be starting soon. #PromisingApproaches Supported by Agenda Welcome and

We will be starting soon. #PromisingApproaches Supported by Agenda Welcome and

We will be starting soon. #PromisingApproaches Supported by Agenda Welcome and introductions Paul Cann Introducing the revised framework Kate Jopling Breakout discussions The Psychology of Loneliness Dr Kalpa

877 views • 70 slides
Starting point : Multicomponent signals (1) L s ( t ) = a ( t ) cos( ( t )) , t

Starting point : Multicomponent signals (1) L s ( t ) = a ( t ) cos( ( t )) , t

Starting point : Multicomponent signals (1) L s ( t ) = a ( t ) cos( ( t )) , t R Transform ee de Riesz multi- echelles et =1 a limage 1 Applications ` - Decomposition problem : extraction of the di ff erent

466 views • 11 slides
Hello If you can see this then you will be able to view todays session. We will be starting

Hello If you can see this then you will be able to view todays session. We will be starting

Hello If you can see this then you will be able to view todays session. We will be starting shortly, thank you for your patience. Managing employees through severe weather 24/7 professional support for business, across employment law, HR,

463 views • 11 slides
Helping People In Forming Companies, Opening Bank Account &amp; Getting Licenses Truly

Helping People In Forming Companies, Opening Bank Account &amp; Getting Licenses Truly

Helping People In Forming Companies, Opening Bank Account &amp; Getting Licenses Truly Simplifying Offshore Solutions Starting Offshore Ltd Registered in Saint Vincent &amp; Grenadines with IBC Number 23836 ABOUT STARTING OFFSHORE Starting

510 views • 9 slides
MEMPHIS C I V I C C O M M O N S The Fourth Bluff The Starting Point Life and commerce in

MEMPHIS C I V I C C O M M O N S The Fourth Bluff The Starting Point Life and commerce in

MEMPHIS C I V I C C O M M O N S The Fourth Bluff The Starting Point Life and commerce in Memphis began at the river with the Fourth Bluff at its heart. We will draw Memphians back to this original starting point and revitalize the Fourth

578 views • 22 slides
UTOPIAE is a 3.9M starting 01 January 2017 research and training network supported by the 15

UTOPIAE is a 3.9M starting 01 January 2017 research and training network supported by the 15

U NCERTAINTY Q UANTIFICATION IN O RBITAL M ECHANICS Massimiliano Vasile, Aerospace Centre of Excellence, Department of Mechanical &amp; Aerospace Engineering, University of Strathclyde UTOPIAE will last 4 years UTOPIAE is a 3.9M starting 01

808 views • 60 slides
In 2015/16, new 0% starting rate for savings income up to maximum of 5,000. But only

In 2015/16, new 0% starting rate for savings income up to maximum of 5,000. But only

FINANCE ACT 2015 Robert Jamieson MA FCA CTA (Fellow) TEP 25 September 2015 NEW STARTING RATE FOR SAVINGS In 2015/16, new 0% starting rate for savings income up to maximum of 5,000. But only in point for those whose non- savings

931 views • 64 slides
A Balance Sheet Perspective on Financial Success: Why Starting Early Matters FLEC Financial

A Balance Sheet Perspective on Financial Success: Why Starting Early Matters FLEC Financial

A Balance Sheet Perspective on Financial Success: Why Starting Early Matters FLEC Financial Literacy Research Symposium Starting Early for Financial Success: Capability into Action September 16, 2014 Ray Boshara and William Emmons* Center for

115 views • 10 slides
T Constance Walker Special Needs and The Boys Project Manager Starting Point, Cleveland, Ohio

T Constance Walker Special Needs and The Boys Project Manager Starting Point, Cleveland, Ohio

5/8/19 Introducing T Constance Walker Special Needs and The Boys Project Manager Starting Point, Cleveland, Ohio FACTS AND STRATEGIES Starting Point FOR NURTURING BOYS The Early Childhood Resource and Referral Agency For Northeast Ohio

247 views • 13 slides
Drainage the key factors and starting to address them Dick Godwin Visiting Professor -

Drainage the key factors and starting to address them Dick Godwin Visiting Professor -

Dick Godwin - Drainage the key factors and starting to address them Repairing the Damaged Soils of 2012 Drainage the key factors and starting to address them Dick Godwin Visiting Professor - Harper Adams University Outline Fundamentals

511 views • 25 slides
Starting, Buying or Expanding a Small Business? Discover what it takes by charting your course

Starting, Buying or Expanding a Small Business? Discover what it takes by charting your course

Exploring the Possibilities of Starting, Buying or Expanding a Small Business? Discover what it takes by charting your course with Small Business Basics Training https://www.sba.gov/starting-business Small Business Development Planning

188 views • 15 slides
TREES II CS2110 Spring 2018 Announcements 2 Prelim 1 is Tonight, bring your student ID

TREES II CS2110 Spring 2018 Announcements 2 Prelim 1 is Tonight, bring your student ID

Lecture 12 TREES II CS2110 Spring 2018 Announcements 2 Prelim 1 is Tonight, bring your student ID 5:30PM EXAM OLH155: netids starting aa to dh OLH255: netids starting di to ji PHL101: netids starting jj to ks (Plus students

468 views • 36 slides
Starting, Maintaining and Expanding Ubuntu Hours by iheartubuntu What is an Ubuntu Hour?

Starting, Maintaining and Expanding Ubuntu Hours by iheartubuntu What is an Ubuntu Hour?

Starting, Maintaining and Expanding Ubuntu Hours by iheartubuntu What is an Ubuntu Hour? Ubuntu Hours are simply a local public get together to help promote Ubuntu and it is easy to do Starting a new Ubuntu Hour locate like minded Ubuntu

181 views • 6 slides
EUROPE FOR CITIZENS LIFT OFF : STARTING FROM THE GROUND Hannah Peschel - Senate Chancellery Free

EUROPE FOR CITIZENS LIFT OFF : STARTING FROM THE GROUND Hannah Peschel - Senate Chancellery Free

EUROPE FOR CITIZENS LIFT OFF : STARTING FROM THE GROUND Hannah Peschel - Senate Chancellery Free and Hanseatic City of Hamburg September 2016 Europe for Citizens at a glance Key information about the programme LIFT OFF : STARTING FROM THE

316 views • 16 slides
1 Starting January 1, 2018, all associates working in the state of Washington will be provided

1 Starting January 1, 2018, all associates working in the state of Washington will be provided

Hello and welcome to an overview of the Washington Paid Sick Leave Law. We know youre busy and we appreciate you taking the time to learn about this new law going into effect for your associate. 1 Starting January 1, 2018, all associates

500 views • 19 slides

More recommend