IETF Logo Mail Archive

Re: [Gen-art] [TLS] Genart last call review of draft-ietf-tls-tls13-24

Steve Fenter <steven.fenter58@gmail.com> Fri, 30 March 2018 00:14 UTC

Return-Path: <steven.fenter58@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E158A127775; Thu, 29 Mar 2018 17:14:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M1htAQOiGDsf; Thu, 29 Mar 2018 17:14:27 -0700 (PDT)
Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AB451271FD; Thu, 29 Mar 2018 17:14:27 -0700 (PDT)
Received: by mail-it0-x236.google.com with SMTP id h143-v6so10177965ita.4; Thu, 29 Mar 2018 17:14:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:in-reply-to:mime-version:content-transfer-encoding :message-id:cc:from:subject:date:to; bh=Y7TDwysCgbNoN7DUbMALS9WYIXfd1EXieWJirCCLH9Q=; b=CONjCl41zn8h/cex4Gzdtdh3MJ3PeNWcP8IBS432KT6iew8AbBF+Fcj4e0HMDUK1zR xsw/8zwJYCrwOJWxyLUfIYNvfz7Z6KTwQ8kientXF6w9EqcEC2CDJR+pGDt3E0ZqWSd6 8GKCtONECrhX4yT7NcCg+3gU3rE8sF49yNkECUSSv8xQYwlHiyDY9owuID4GjFM4Umkx WDq7GGvF+Tn1YKF8ZhXdUkyHNh78KvUHeDf5PIXxO+vN2d0HUxsfHBKeor4uTEU3Hovi ELFGz0PI/vQgD5bwrBZ5E9pkX0vW9EKtboT16GKBod/EbPhYHeuTpGWnNgTMVGj8JGkd b5IA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:in-reply-to:mime-version :content-transfer-encoding:message-id:cc:from:subject:date:to; bh=Y7TDwysCgbNoN7DUbMALS9WYIXfd1EXieWJirCCLH9Q=; b=RojPaHn7gswFJT8z1Ll9eoF4tGeMPMi6dxFxG9WjCdYQhd/d4VZdPcVNMq+PVuLsM6 WUu24gJDb+tiMSdPlJYZIzj/K2TVliUB3Nz6b77MD3QdN9ywxLqu9uV3JCwErsSUOmfE o4IdCqIUMJN8tKjHuY6OWOAkYcXCZLG3lt12lH+5ss2flgstowhDH60zWgEtz/9VKqyW 9f4KPkKDCJ5/eYTBpAS00SyOgtoVrc7Mu+Nz1whNhyZ3gvmx3Nq5yd5O4asDZzKH1SeE Bxaj6alxXybvCUSNCtOnXQ6/x/u/Z5p3Ki4+pwdPoDHzl4296t1QxjYXrWYjLg7Vk6Jc l2vw==
X-Gm-Message-State: AElRT7HaI7FzciB+BFB6Git8/vAOfAmrCqbUPg0n/KLX7Z6A/spDRw2i pRxhAqI3ve3h9YhIiR/uxr8=
X-Google-Smtp-Source: AIpwx4/90iCsnuirhYy1LIiXUTlgG1ufpbtj+mSegs+h4lz4L9UcK0Lx0jMnBF8z+Y0g79s+ht0HKA==
X-Received: by 2002:a24:7385:: with SMTP id y127-v6mr1163728itb.10.1522368866408; Thu, 29 Mar 2018 17:14:26 -0700 (PDT)
Received: from [100.107.25.180] (146.sub-174-219-135.myvzw.com. [174.219.135.146]) by smtp.gmail.com with ESMTPSA id l18-v6sm1796190itl.1.2018.03.29.17.14.25 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 29 Mar 2018 17:14:25 -0700 (PDT)
References: <871sgw4ky9.fsf@hobgoblin.ariadne.com>
In-Reply-To: <871sgw4ky9.fsf@hobgoblin.ariadne.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
Message-Id: <27EB41EC-2C80-4C5A-BD6C-9063B520F0C8@gmail.com>
Cc: Colm MacCárthaigh <colm@allcosts.net>, "gen-art@ietf.org" <gen-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-tls-tls13.all@ietf.org" <draft-ietf-tls-tls13.all@ietf.org>, "tls@ietf.org" <tls@ietf.org>
X-Mailer: iPad Mail (11D201)
From: Steve Fenter <steven.fenter58@gmail.com>
Date: Thu, 29 Mar 2018 19:14:23 -0500
To: "Dale R. Worley" <worley@ariadne.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/TLknwDO2_LwdCWtzJCKLdH5PN6g>
Subject: Re: [Gen-art] [TLS] Genart last call review of draft-ietf-tls-tls13-24
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2018 00:14:30 -0000

I'd like to echo Dale's sentiments on the error codes.  I've done a fair amount of TLS handshake troubleshooting, and it's usually long and painful because the error codes are so vague. Another factor in debugging is that people troubleshooting TLS in the enterprise are typically not the same level of experts as those who are writing TLS code.  The TLS working group folks seem to have their fingers in TLS every day and know it backwards and forwards, so debugging a problem is not so difficult for them. They can also read code to figure out what is going on. In contrast, I see a TLS handshake problem once every few months.  The rest of the time I'm looking at HTTP, SQL, SMB, or whatever. So enterprise troubleshooters are not going to be as deep in their understanding of TLS by the nature of their jobs, and they need all the help they can get (like from descriptive error messages).  The vague error messages are leading directly to more downtime, and this should be balanced with the other security needs. I'm not saying this needs to be fixed immediately, but it should be considered somewhere down the road.

> On Mar 6, 2018, at 9:35 PM, worley@ariadne.com (Dale R. Worley) wrote:
> 
> Colm MacCárthaigh <colm@allcosts.net> writes:
>> On the specific suggestion of having more granular error codes, I think
>> this is a dangerous direction to take lightly; there's at least one
>> instance where granular TLS alert messages have directly led to security
>> issues by acting as oracles that aided the attacker.
>> 
>> There's a general conjecture that the more information that is provided to
>> attackers, the more easily they can leverage into a compromise. Personally
>> I believe that conjecture, and would actually prefer to see fewer signals,
>> ideally as few as one big error code. There is a trade-off against
>> debugability, but I've only seen a handful of people have the skills to
>> debug low level TLS issues and it doesn't seem worth the risk. Others
>> disagree, which is valid, but it's at least an area of reasonable
>> contention.
> 
> I believe I've heard that position stated before, and I give it
> credibility.  I retreat to the statement I made at the top of my review,
> that I'm not experienced in security.  OTOH, I've spent a lot of the
> previous couple of decades debugging SIP call flows, so I've learned to
> appreciate any aid to debuggability that exists.
> 
> I'm tempted to consider this a classic case of conflicting requirements,
> and ask if our cryptographic experience can help us square this circle.
> 
> Dale
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email