Re: [dnssd] Genart last call review of draft-ietf-dnssd-push-20

Tom Pusateri <pusateri@bangj.com> Mon, 08 July 2019 23:12 UTC

Return-Path: <pusateri@bangj.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F41E120364; Mon, 8 Jul 2019 16:12:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bKSA6dCoXKBI; Mon, 8 Jul 2019 16:12:27 -0700 (PDT)
Received: from oj.bangj.com (69-77-154-174.static.skybest.com [69.77.154.174]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C95C120316; Mon, 8 Jul 2019 16:12:27 -0700 (PDT)
Received: from [10.21.50.205] (mobile-166-170-58-254.mycingular.net [166.170.58.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by oj.bangj.com (Postfix) with ESMTPSA id 0452C342E7; Mon, 8 Jul 2019 19:12:26 -0400 (EDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-6BC29C0C-975E-4D9A-9F31-DA2C83A4473E
Mime-Version: 1.0 (1.0)
From: Tom Pusateri <pusateri@bangj.com>
X-Mailer: iPhone Mail (16F203)
In-Reply-To: <CAPDSy+6V+ooWDe7XezmWA_XKNQXRAOex8DE5CiTnZdz8zc-9CA@mail.gmail.com>
Date: Mon, 8 Jul 2019 19:12:24 -0400
Cc: Stuart Cheshire <cheshire@apple.com>, Robert Sparks <rjsparks@nostrum.com>, draft-ietf-dnssd-push.all@ietf.org, DNSSD <dnssd@ietf.org>, Eric Rescorla <ekr@rtfm.com>
Content-Transfer-Encoding: 7bit
Message-Id: <7F485F2D-C9C7-4530-98AB-2A7498EA2D4F@bangj.com>
References: <156175221593.21875.9525138908968318905@ietfa.amsl.com> <9E6DE124-9262-4870-A920-4E707A38DC08@bangj.com> <CAPDSy+7om=cBW51cyuPea9nabgJuRV3M+++gA7sy8VzfNpkn6Q@mail.gmail.com> <9F8CFF4A-ABC1-4005-AE65-6CE64940B59F@apple.com> <CAPDSy+6V+ooWDe7XezmWA_XKNQXRAOex8DE5CiTnZdz8zc-9CA@mail.gmail.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/0LEh_UJxAEBwBBSQKIqpwCkt-lQ>
Subject: Re: [dnssd] Genart last call review of draft-ietf-dnssd-push-20
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 23:12:38 -0000

If we detect a PUSH protocol error and don’t want the client to immediately reconnect and repeat the same error, we can send a retry delay TLV with a long delay and then close gracefully with a TLS close_notify in lieu of a TCP RST. 

Tom

> On Jul 8, 2019, at 7:05 PM, David Schinazi <dschinazi.ietf@gmail.com> wrote:
> 
> In general the "TLS Alerts" error codes are specific to the operation of TLS itself, not the application running over TLS.
> 
> If you want to send a graceful close, the tool of choice is close_notify.
> If you detect an unrecoverable error and want to abort the connection, I see two options:
> (1) forcibly terminate the connection at the DNS layer by sending a DNS error message followed by a TLS close_notify
> (2) forcibly terminate the connection at the TCP layer by sending a RST
> 
> As a client sending, I don't see much value in (1) since all the server can do in either case is free the resources associated with this connection.
> As a server sending, I suspect (1) is best unless you were unable to parse anything in which case (2) makes sense.
> 
> David
> 
>> On Mon, Jul 8, 2019 at 3:53 PM Stuart Cheshire <cheshire@apple.com> wrote:
>> On 2 Jul 2019, at 12:36, David Schinazi <dschinazi.ietf@gmail.com> wrote:
>> 
>> > Hi Tom,
>> > 
>> > If the protocol is restricted to TLS over TCP, it should send a TLS close_notify, not a TCP RST.
>> > TLS close_notify is cryptographically guaranteed to originate from the peer,
>> > whereas TCP RST can be injected by an on-path entity to cause truncation attacks.
>> 
>> In TCP we use FIN for a graceful close, and RST for an abortive close. The former is normal operation; the latter means your code has a bug you need to fix.
>> 
>> Is there an appropriate equivalent in TLS? It would be good to differentiate normal operation from a fatal protocol error that causes a forcible termination.
>> 
>> I see in the TLS 1.3 spec, RFC 8446, Section 6.2. “Error Alerts” says:
>> 
>>    Whenever an implementation encounters a fatal error condition, it
>>    SHOULD send an appropriate fatal alert and MUST close the connection
>>    without sending or receiving any additional data.
>> 
>> <https://tools.ietf.org/html/rfc8446#section-6.2>
>> 
>> Are any of these error alerts appropriate to perform this abortive disconnect, like perhaps the decode_error code?
>> 
>>    decode_error:  A message could not be decoded because some field was
>>       out of the specified range or the length of the message was
>>       incorrect.  This alert is used for errors where the message does
>>       not conform to the formal protocol syntax.  This alert should
>>       never be observed in communication between proper implementations,
>>       except when messages were corrupted in the network.
>> 
>> Or are these TLS error alerts reserved for TLS-layer error conditions?
>> 
>> Stuart Cheshire
>>