Re: [Gen-art] Genart last call review of draft-ietf-tls-tls13-24

worley@ariadne.com (Dale R. Worley) Wed, 07 March 2018 03:35 UTC

From: worley@ariadne.com
To: Colm MacCárthaigh <colm@allcosts.net>
Cc: gen-art@ietf.org, ietf@ietf.org, draft-ietf-tls-tls13.all@ietf.org, tls@ietf.org
Date: Tue, 06 Mar 2018 22:35:10 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/Rdy25TCDcJKsTOjBnDq6j9LYdak>

Colm MacCárthaigh <colm@allcosts.net> writes:
> On the specific suggestion of having more granular error codes, I think
> this is a dangerous direction to take lightly; there's at least one
> instance where granular TLS alert messages have directly led to security
> issues by acting as oracles that aided the attacker.
>
> There's a general conjecture that the more information that is provided to
> attackers, the more easily they can leverage into a compromise. Personally
> I believe that conjecture, and would actually prefer to see fewer signals,
> ideally as few as one big error code. There is a trade-off against
> debuggability, but I've only seen a handful of people have the skills to
> debug low-level TLS issues and it doesn't seem worth the risk. Others
> disagree, which is valid, but it's at least an area of reasonable
> contention.

I believe I've heard that position stated before, and I give it
credibility.  I retreat to the statement I made at the top of my review,
that I'm not experienced in security.  OTOH, I've spent a lot of the
previous couple of decades debugging SIP call flows, so I've learned to
appreciate any aid to debuggability that exists.

I'm tempted to consider this a classic case of conflicting requirements,
and ask if our cryptographic experience can help us square this circle.

Dale