Re: [dnssd] Genart last call review of draft-ietf-dnssd-push-20

Stuart Cheshire <cheshire@apple.com> Mon, 08 July 2019 22:53 UTC

Cc: Tom Pusateri <pusateri@bangj.com>, Robert Sparks <rjsparks@nostrum.com>, draft-ietf-dnssd-push.all@ietf.org, DNSSD <dnssd@ietf.org>, Eric Rescorla <ekr@rtfm.com>
To: David Schinazi <dschinazi.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/f_oau_XXAOZLsxp6oBy5108oe_4>

On 2 Jul 2019, at 12:36, David Schinazi <dschinazi.ietf@gmail.com> wrote:

> Hi Tom,
> 
> If the protocol is restricted to TLS over TCP, it should send a TLS close_notify, not a TCP RST.
> TLS close_notify is cryptographically guaranteed to originate from the peer,
> whereas TCP RST can be injected by an on-path entity to cause truncation attacks.

In TCP we use FIN for a graceful close, and RST for an abortive close. The former is normal operation; the latter means your code has a bug you need to fix.

Is there an appropriate equivalent in TLS? It would be good to differentiate normal operation from a fatal protocol error that causes a forcible termination.

I see in the TLS 1.3 spec, RFC 8446, Section 6.2. “Error Alerts” says:

   Whenever an implementation encounters a fatal error condition, it
   SHOULD send an appropriate fatal alert and MUST close the connection
   without sending or receiving any additional data.

<https://tools.ietf.org/html/rfc8446#section-6.2>

Are any of these error alerts appropriate to perform this abortive disconnect, like perhaps the decode_error code?

   decode_error:  A message could not be decoded because some field was
      out of the specified range or the length of the message was
      incorrect.  This alert is used for errors where the message does
      not conform to the formal protocol syntax.  This alert should
      never be observed in communication between proper implementations,
      except when messages were corrupted in the network.

Or are these TLS error alerts reserved for TLS-layer error conditions?

Stuart Cheshire
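
Added example, not part of the original message or of any implementation discussed in the thread: a Python classifier for the three ways a connection can end that the exchange above distinguishes (close_notify, an error alert, or a bare TCP close). It assumes the TLS stack hands over already-decrypted Alert bodies; the function names, the `Close` enum and the sample bytes are constructed for illustration, and the alert numbers are the RFC 8446 Section 6 values.

```python
from enum import Enum

# AlertDescription values from RFC 8446, Section 6 (subset).
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
               50: "decode_error", 80: "internal_error", 90: "user_canceled"}
CLOSE_NOTIFY, USER_CANCELED = 0, 90


class Close(Enum):
    GRACEFUL = "graceful"    # close_notify seen inside the authenticated channel
    ABORTIVE = "abortive"    # error signalled inside the authenticated channel
    TRUNCATED = "truncated"  # TCP FIN/RST with no alert: origin unverifiable


def parse_alert(payload: bytes):
    """Decode a decrypted Alert body: 1-byte level, 1-byte description."""
    if len(payload) != 2:
        raise ValueError("alert body must be exactly 2 bytes")
    level, desc = payload
    return level, desc, ALERT_NAMES.get(desc, f"unknown({desc})")


def classify_close(alerts, tcp_event):
    """alerts: decrypted alert bodies in arrival order; tcp_event: 'FIN' or 'RST'."""
    for body in alerts:
        try:
            _level, desc, name = parse_alert(body)
        except ValueError:
            return Close.ABORTIVE, "malformed alert"
        if desc == CLOSE_NOTIFY:
            return Close.GRACEFUL, name
        if desc == USER_CANCELED:
            continue  # closure alert; a close_notify normally follows it
        # TLS 1.3: every other alert, known or unknown, is an error alert
        # regardless of the level byte the sender put in the message.
        return Close.ABORTIVE, name
    # No alert at all: an on-path party could have produced this close.
    return Close.TRUNCATED, f"TCP {tcp_event} without close_notify"
```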