Re: [quicwg/base-drafts] Prohibit reading 1-RTT before handshake complete (#3868)
Martin Thomson <notifications@github.com> Thu, 16 July 2020 01:26 UTC
@martinthomson commented on this pull request.

> @@ -1280,6 +1280,10 @@ A server could receive packets protected with 0-RTT keys prior to receiving a TLS ClientHello. The server MAY retain these packets for later decryption in anticipation of receiving a ClientHello. +A client generally receives 1-RTT keys at the same time as the handshake +completes. However, a client also MUST NOT process incoming 1-RTT protected +packets before the TLS handshake is complete.

Note the "generally". It is - in theory - possible for a client to receive keys for TLS before it has completed the handshake. The simplest example is that the client has all the messages necessary, but the server certificate hasn't been authenticated yet (which is a condition for handshake completion). As certificate authentication can take time, there is potentially a time where the client could generate keys and use them without being sure of what the server identity is. Most TLS stacks don't allow that to happen, but it isn't a guarantee that is made anywhere.

View it on GitHub: https://github.com/quicwg/base-drafts/pull/3868#discussion_r455455526
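Review bot: In the added sentence "However, a client also MUST NOT process incoming 1-RTT protected packets before the TLS handshake is complete", the words "However" and "also" have nothing to attach to: the context above is a server-side MAY about 0-RTT packets, and the sentence before it only says when keys generally arrive. Suggest dropping "also" and naming the case the rule covers, for example that a client which holds 1-RTT keys before the handshake completes MUST NOT process such packets. The addition also leaves open what the client does with those packets in the meantime, whereas the context paragraph tells the server it MAY retain early packets; a matching sentence on whether the client may hold or must discard them would close that gap.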
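An added example, not part of the original message or of any QUIC implementation: a client-side gate for the window described above, where 1-RTT keys are installed before the server certificate has been authenticated. The class, its method names and the buffering cap are hypothetical, and holding early packets (rather than discarding them) is an assumption of this example.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class ClientOneRttGate:
    """Keeps 1-RTT packets away from processing until the handshake is complete."""
    max_held: int = 8                 # assumed cap so held packets cannot exhaust memory
    have_1rtt_keys: bool = False
    handshake_complete: bool = False
    held: deque = field(default_factory=deque)
    processed: list = field(default_factory=list)

    def on_1rtt_keys_installed(self):
        # The TLS stack exported 1-RTT secrets. On its own this does NOT mean
        # the server certificate has been authenticated.
        self.have_1rtt_keys = True

    def on_handshake_complete(self):
        # Called only after certificate authentication succeeded.
        if not self.have_1rtt_keys:
            raise RuntimeError("handshake cannot complete without 1-RTT keys")
        self.handshake_complete = True
        while self.held:              # release held packets in arrival order
            self._process(self.held.popleft())

    def on_handshake_failed(self):
        # Authentication failed: nothing from the unauthenticated peer was processed.
        self.held.clear()

    def on_1rtt_packet(self, pkt: bytes) -> str:
        if self.handshake_complete:
            self._process(pkt)
            return "processed"
        if len(self.held) >= self.max_held:
            return "dropped"
        self.held.append(pkt)         # the gate is handshake completion, not key availability
        return "held"

    def _process(self, pkt: bytes):
        self.processed.append(pkt)    # stand-in for decryption and frame handling

def run_window_scenario():
    """Constructed packets arriving while certificate verification is still pending."""
    gate = ClientOneRttGate(max_held=2)
    gate.on_1rtt_keys_installed()
    early = [gate.on_1rtt_packet(p) for p in (b"pkt-1", b"pkt-2", b"pkt-3")]
    processed_before_auth = list(gate.processed)
    gate.on_handshake_complete()
    late = gate.on_1rtt_packet(b"pkt-4")
    return early, processed_before_auth, gate.processed, late
```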