RE: Requiring per application data in session ticket seems wrong
Mike Bishop <mbishop@evequefou.be> Thu, 26 September 2019 18:23 UTC
Return-Path: <mbishop@evequefou.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E20381200CE for <quic@ietfa.amsl.com>; Thu, 26 Sep 2019 11:23:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=evequefou.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2HBr2s8-R5uw for <quic@ietfa.amsl.com>; Thu, 26 Sep 2019 11:23:32 -0700 (PDT)
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-eopbgr710127.outbound.protection.outlook.com [40.107.71.127]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9B3E12008B for <quic@ietf.org>; Thu, 26 Sep 2019 11:23:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q53ajEW1tqArbA71NeQqjOfPNMwK8aR9484UIskx400NMlTCsGCWxTdm/wfqTxmJXBONauT7JEM1nUU2E1uR5u7FQdNzMGMOn2pQMb7Lwr5BamdLR6mDVcJIl+XcKs1LYzqlT2tj0T5Wa32sTUmwZHYeabrHv9jbEjGRNRgurGMbdw79U96z+5f5vR2+54DDi58wY93QawfYaRxUZet2ymFVnvsG+24E9a4pe/JIqHPcVWoLU+fdUAIT9+AenzM4vk22GZ8JqXHc2lmNxDbr1gK9xOmQSA0/MvBRqbIjKzGe3VwJpka4qfQCBy0v9khi8x6GkknaJnsX/QxPj7YPYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/hl96P4XYoKc3CQsPf8ffgr8bBH1TlFbjfsq3QPrZt4=; b=NmG6GJ+eJsQioLAzFMODL/lI8KigBuvGgEcfjxbk1ixpPoNITRTBuCmJ8cYjDf2qXJQu8KE4tWDPeo+GVQS/rn+bZ/DCK0udqB08xg08SwgfYqXhgAQVsEozul1zTMglRFVIK23pVnY/C/5PyC6dCzWQciM7BiK+Z8PYCgtg1anKHCzphYPbBPcwE4I3v5Grklq3dxXPBuLoCLboGEBoh56Ixfz4Yx9ELowpFED9oYrVfeRIGLCUIYR8qnQGRuY3wS15t1VqgGh4BvvBJOBHJX72Ama+9bxy3EC9BH4wgOxs2pqaT9cziWrGhTtmKTQqB/sDcMjpptLFgRXJjcM13A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=evequefou.be; dmarc=pass action=none header.from=evequefou.be; dkim=pass header.d=evequefou.be; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=evequefou.onmicrosoft.com; s=selector2-evequefou-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/hl96P4XYoKc3CQsPf8ffgr8bBH1TlFbjfsq3QPrZt4=; b=J5OfupxCSybalMscMw2On9WNs05BXH400298adkw+PMnKPFaijwm8D9/Rx+vbWCMBh7BXxQ7fTqE++GOJo78mCUoFGV+dCcXW5wka1e9c8uXZ7HBq9sBhJxDghNu8qho+dVinRi0ogWXroHCwSVSPK8ydhQmNME6bDAdqwebyKo=
Received: from BN6PR2201MB1202.namprd22.prod.outlook.com (10.174.80.146) by BN6PR2201MB1251.namprd22.prod.outlook.com (10.174.81.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.25; Thu, 26 Sep 2019 18:23:31 +0000
Received: from BN6PR2201MB1202.namprd22.prod.outlook.com ([fe80::288b:d6ec:1e00:c3c]) by BN6PR2201MB1202.namprd22.prod.outlook.com ([fe80::288b:d6ec:1e00:c3c%12]) with mapi id 15.20.2284.028; Thu, 26 Sep 2019 18:23:31 +0000
From: Mike Bishop <mbishop@evequefou.be>
To: Benjamin Kaduk <bkaduk@akamai.com>, Christian Huitema <huitema@huitema.net>
CC: IETF QUIC WG <quic@ietf.org>
Subject: RE: Requiring per application data in session ticket seems wrong
Thread-Topic: Requiring per application data in session ticket seems wrong
Thread-Index: AQHVae8L1AyEzzkcwUixLpixqBWrLKcp0JsAgBSJg8A=
Date: Thu, 26 Sep 2019 18:23:31 +0000
Message-ID: <BN6PR2201MB1202AA8CEAFC23FDB5B741C5DA860@BN6PR2201MB1202.namprd22.prod.outlook.com>
References: <a3d65ce8-6075-5f39-9532-d24fad6da572@huitema.net> <20190913164232.GN3806@akamai.com>
In-Reply-To: <20190913164232.GN3806@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mbishop@evequefou.be;
x-originating-ip: [2600:2b00:931f:a301:ad10:cc00:8cc7:f6a6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b30216d3-9fd4-474d-92a3-08d742aea29e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BN6PR2201MB1251;
x-ms-traffictypediagnostic: BN6PR2201MB1251:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <BN6PR2201MB1251FB146EC667B2FA492811DA860@BN6PR2201MB1251.namprd22.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0172F0EF77
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(396003)(366004)(39830400003)(346002)(376002)(136003)(13464003)(199004)(189003)(6116002)(6436002)(102836004)(81166006)(8676002)(81156014)(8936002)(52536014)(76116006)(66476007)(66946007)(33656002)(64756008)(66556008)(66446008)(5660300002)(53546011)(4326008)(74316002)(7736002)(305945005)(71190400001)(486006)(476003)(11346002)(9686003)(446003)(316002)(110136005)(256004)(7696005)(2906002)(76176011)(99286004)(14444005)(229853002)(46003)(71200400001)(6246003)(6506007)(186003)(25786009)(14454004)(55016002)(86362001)(966005)(6306002)(508600001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR2201MB1251; H:BN6PR2201MB1202.namprd22.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: evequefou.be does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: RH4HzS+YdCALNkzz0h8S9aLw4UVKE6MWQWHcF06SQ5tKXMIwVcSPyg7NDiR8qnqZtkVipzCGM9HMPC999iWJJK1jMvEbs2FMDfNVIl96yDC+edzJwoKe7KS1c7maslDNjzhF3Zj1PvTYVPU5XpHmjWhYjTk8e4gK7QUqO0krjppaViwJLTqbNyDv60YdpxZDR51V2X7lk9sP2kB3PY6O+fykcwi68jE206V/2NohlU6pL09y4hAg98ZUzUgRvFOHcIXKquFEkPrGCgKLLeGemUFgO5V+kzUWTwvHvGoMQfnRSXDLkXUNfbNeMUj27qAhVvnZd4cV94EOyGmmdPh9lvSGOnr6ZMB4bKmgXwBWOvHqc5VkcjUJ6eKgIRi4z3S5hGhKCQxlZToqKAjBg2r3p+ryMoCtCWJv3ply5rT7ySHHAQ6W8zNy0qCCZI0jv0sFNy3ZeVaZEYP2WrwPEIWSow==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: evequefou.be
X-MS-Exchange-CrossTenant-Network-Message-Id: b30216d3-9fd4-474d-92a3-08d742aea29e
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Sep 2019 18:23:31.5208 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 41eaf50b-882d-47eb-8c4c-0b5b76a9da8f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: wIxhvcnykENMHICujIvs+oXnVBqNWliOuocsQ3UQQerVXlWxuUgAdKwkneKF0ELUtt0n0ZH3PuHH9Jdt0blH0A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR2201MB1251
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/9BkLuyxUEf3FZk5Ejcf2QDd1xJo>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2019 18:23:35 -0000
As noted on the issue, it's worth remembering that RFC 8446 specifically talks about this: In order to accept early data, the server MUST have accepted a PSK cipher suite and selected the first key offered in the client's "pre_shared_key" extension. In addition, it MUST verify that the following values are the same as those associated with the selected PSK: - The TLS version number - The selected cipher suite - The selected ALPN [RFC7301] protocol, if any These requirements are a superset of those needed to perform a 1-RTT handshake using the PSK in question. For externally established PSKs, the associated values are those provisioned along with the key. For PSKs established via a NewSessionTicket message, the associated values are those negotiated in the connection during which the ticket was established. ALPN matching is a requirement for early data with TLS 1.3. Embedded application data is a requirement for Early Data with QUIC, and it relies on this existing requirement. If some future version of TLS doesn't have this requirement, QUIC will need to decide how to cope with that. -----Original Message----- From: QUIC <quic-bounces@ietf.org> On Behalf Of Benjamin Kaduk Sent: Friday, September 13, 2019 12:43 PM To: Christian Huitema <huitema@huitema.net> Cc: IETF QUIC WG <quic@ietf.org> Subject: Re: Requiring per application data in session ticket seems wrong On Thu, Sep 12, 2019 at 09:52:01PM -0700, Christian Huitema wrote: > I am busy implementing draft-23 in picoquic, and I found out the new > section 5.4. of the transport draft, "Required Operations on > Connections". It is fine, except for the requirements that servers > are able to encode application specific settings in the session resume > tickets. This makes the ticket specific to the combination of SNI + > ALPN, instead of just SNI as implied by RFC 8446. Seems like a bad idea. > More discussion in https://github.com/quicwg/base-drafts/issues/3028. It's not clear to me that this specifically makes the ticket tied to the ALPN, but rather that a given ticket (still tied to SNI) may or may not have some additional information that allows for additional functionality when used with a specific ALPN. A ticket with that additional information could well be used with a different ALPN and the same SNI (though the logistics of getting additional information in place that would allow a single ticket to get enhanced functionality with more than one ALPN could be challenging. In this case, if you don't have that additional information, you can't use early data, for example. -Ben
- Requiring per application data in session ticket … Christian Huitema
- Re: Requiring per application data in session tic… Benjamin Kaduk
- RE: Requiring per application data in session tic… Mike Bishop