Re: [quicwg/base-drafts] TLS application data isn't possible (#3043)
Marten Seemann <notifications@github.com> Tue, 17 September 2019 08:05 UTC
marten-seemann commented on this pull request.

> QUIC takes the unprotected content of TLS handshake records as the content of CRYPTO frames. TLS record protection is not used by QUIC. QUIC assembles CRYPTO frames into QUIC packets, which are protected using QUIC packet protection. +QUIC is only capable of conveying TLS handshake records in CRYPTO frames. TLS +alerts are turned into QUIC CONNECTION_CLOSE error codes; see {{tls-errors}}. +TLS application data and other message types cannot be carried by QUIC at any +encryption level and can be treated as an error if they are received.

Still not sure how this could happen (I don't think it could in quic-go), but I guess that depends very much on the details of the coupling between your QUIC implementation and your TLS stack.

View it on GitHub: https://github.com/quicwg/base-drafts/pull/3043#discussion_r325031574
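
Review bot: The last added sentence, "can be treated as an error if they are received", does not say who receives the data or from where. The context lines state that QUIC carries only the unprotected content of handshake records in CRYPTO frames and does not use TLS record protection, so a reader cannot tell whether "received" means from the peer or from the local TLS stack. Suggest naming the source of the unexpected data and stating which error the endpoint signals, in place of the permissive "can be treated". Separately, the first added sentence says QUIC conveys "TLS handshake records" while the context line above it says QUIC takes the "content of TLS handshake records"; using the same wording in both places would avoid implying that record framing is sent.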