IETF Logo Mail Archive

Re: [Gen-art] [TLS] Genart last call review of draft-ietf-tls-tls13-24

David Benjamin <davidben@chromium.org> Wed, 07 March 2018 17:33 UTC

Return-Path: <davidben@google.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CC9812D965 for <gen-art@ietfa.amsl.com>; Wed, 7 Mar 2018 09:33:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.459
X-Spam-Level:
X-Spam-Status: No, score=-2.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id inCq6HQgd8Id for <gen-art@ietfa.amsl.com>; Wed, 7 Mar 2018 09:33:19 -0800 (PST)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D378412D885 for <gen-art@ietf.org>; Wed, 7 Mar 2018 09:33:18 -0800 (PST)
Received: by mail-qk0-x22f.google.com with SMTP id v124so3577835qkh.11 for <gen-art@ietf.org>; Wed, 07 Mar 2018 09:33:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=G+qfmrovPzN+z8ApD11Zb5imejt84HHMmzzz3g9fVXA=; b=lQVK6x9l8bijdQCQwytISbfAvoJ3umCm2mUgSUWg0fChjCZ9AwxG+c4kfJXQMU6G02 H12YTbUGersbOKhAHYa7iDoxyRCCxwprdNcP4rg1zuQJ0ZPgnI2G98RSSdyTJmcFPFsx 9EuHf78fHa3eOSO+G9Ujje/vXG6Rq3jBNbBmo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=G+qfmrovPzN+z8ApD11Zb5imejt84HHMmzzz3g9fVXA=; b=HZ4VLGMoKSgALIL2u5Q5fAyNi7KWDUJrWK9nr1KwSIgISfFgJilvnl2hS6YYsLs02F KaPFxrk3L8eorqGiQGYMelLUQ/ueZv1wC71klXFOp9jz8zarU5MlrMcFjBEA8BB620yy 00GBv100zOtH28o5qpmIIaj4fo7EEcwpP/pxqAFcZQ0XbUH86q72q0pbD1oRd6Xi9GkA QXyTNPFQGeYM04PMTCDZ0dKFMsIVM7T8or3a6zeGwA9Oxo+c5B5EcOgcGW6Ws1uQFOfQ Sq/5cYFnje44lVZ81tQegpgejOWWM5sSf4LTI2GuTOYmCPeYMbAXIQomoT7QAJTveXfg Nx6Q==
X-Gm-Message-State: AElRT7G1VswkYmLxEJZ0cf2FfijOP/LqYjuiwtPOEms3RwhE5JMzdzr7 K1xHsvIrHhSLXfA1JM641jZX+eMQ5xkWU1mb6qcL
X-Google-Smtp-Source: AG47ELsj3VJfhgMwI396PtbdqAQkOKAcMOvutve6H2qhxQmTAu3Y0fGBSBGSJqIkfWumIicd4aIt9gez6MKyDxOyEzk=
X-Received: by 10.55.107.70 with SMTP id g67mr34438573qkc.105.1520443997657; Wed, 07 Mar 2018 09:33:17 -0800 (PST)
MIME-Version: 1.0
References: <152004960327.8290.4628820807186314931@ietfa.amsl.com> <CAAF6GDcBFHhe8oWJqF-LVUfYdR7HRW_Gk9c0KgxNRKoQzauvpQ@mail.gmail.com> <CABcZeBNgwHR0=bG7bY78g-71Ky3shvL+qMQUEhbejKRXzUHuYg@mail.gmail.com>
In-Reply-To: <CABcZeBNgwHR0=bG7bY78g-71Ky3shvL+qMQUEhbejKRXzUHuYg@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 07 Mar 2018 17:33:07 +0000
Message-ID: <CAF8qwaDYn64zm634vPRiW-0sgm4nRscv80J1pJtmCUL0g+UM3Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Colm MacCárthaigh <colm@allcosts.net>, General Area Review Team <gen-art@ietf.org>, Dale Worley <worley@ariadne.com>, IETF discussion list <ietf@ietf.org>, draft-ietf-tls-tls13.all@ietf.org, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a114873f26257de0566d5f440"
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/SV_0gnbh2IsHAPQb7TW83mFPJ1o>
Subject: Re: [Gen-art] [TLS] Genart last call review of draft-ietf-tls-tls13-24
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 17:33:21 -0000

+1. If anything, the existing "buggy implementation" alert codes should get
folded together. (But I don't think it's worth making that change at this
stage either.) E.g. decode_error vs illegal_parameter vs
unexpected_message are rather useless distinctions and trying to get them
"right" adds complexity. Even with the granularity is it is, TLS's alert
codes needlessly expose benign differences in implementation strategy.
Adding even finer granularity would make all this worse.

My experience is also that this sort of thing would not actually help much.

On Tue, Mar 6, 2018 at 11:05 PM Eric Rescorla <ekr@rtfm.com> wrote:

> Without taking a position on the security matter: this has been part of
> the TLS design for 20+ years, and therefore has had multiple LCs and WG and
> IETF consensus, so it would take a pretty strong set of arguments to change
> now. I've debugged a lot of TLS interop issues, and as a practical matter,
> I don't think this would help that much to justify making a change.
> -Ekr
>
>
> On Tue, Mar 6, 2018 at 2:35 PM, Colm MacCárthaigh <colm@allcosts.net>
> wrote:
>
>>
>>
>> On Fri, Mar 2, 2018 at 8:00 PM, Dale Worley <worley@ariadne.com> wrote:
>>
>>> - There are about 28 error codes but nearly 150 places where the text
>>>   require the connection to be aborted with an error -- and hence,
>>>   nearly 150 distinct constraints that can be violated.  There are 19
>>>   alone for "illegal_parameter".  I would like to see an "alert
>>>   extension value" which assigns a distinct "minor" code to each
>>>   statement in the text that requires an error response (with
>>>   implementations being allowed to be a bit sloppy in providing the
>>>   correct minor code).
>>>
>>
>> Your review is incredibly deep, comprehensive and I learned a lot from
>> it. I want to pick out just one small piece, but don't mean that to
>> diminish how thorough it was!
>>
>> On the specific suggestion of having more granular error codes, I think
>> this is a dangerous direction to take lightly; there's at least one
>> instance where granular TLS alert messages have directly led to security
>> issues by acting as oracles that aided the attacker.
>>
>> There's a general conjecture that the more information that is provided
>> to attackers, the more easily they can leverage into a compromise.
>> Personally I believe that conjecture, and would actually prefer to see
>> fewer signals, ideally as few as one big error code. There is a trade-off
>> against debugability, but I've only seen a handful of people have the
>> skills to debug low level TLS issues and it doesn't seem worth the risk.
>> Others disagree, which is valid, but it's at least an area of reasonable
>> contention.
>>
>> --
>> Colm
>>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email