Re: [tcpinc] Quick review of draft-rescorla-tcpinc-tls-option-04
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Wed, 21 October 2015 16:05 UTC
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C8EA1B29DB for <tcpinc@ietfa.amsl.com>; Wed, 21 Oct 2015 09:05:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.91
X-Spam-Level:
X-Spam-Status: No, score=-3.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKwZz9wpR3UT for <tcpinc@ietfa.amsl.com>; Wed, 21 Oct 2015 09:05:44 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACACA1B29D4 for <tcpinc@ietf.org>; Wed, 21 Oct 2015 09:05:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id 77E0AD930D; Wed, 21 Oct 2015 18:05:43 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ms3djmMaxVtO; Wed, 21 Oct 2015 18:05:43 +0200 (MEST)
Received: from [82.130.103.143] (nb-10510.ethz.ch [82.130.103.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mirjak) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id 467CDD9304; Wed, 21 Oct 2015 18:05:43 +0200 (MEST)
To: Eric Rescorla <ekr@rtfm.com>
References: <07616023-76C2-4418-BCCC-47B40391DC5D@tik.ee.ethz.ch> <CABcZeBOT0k0eAQ--+=BG9dEg-irwaQiP+d8JiaAPwmK6Mogt7w@mail.gmail.com>
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
Message-ID: <5627B7CF.6080505@tik.ee.ethz.ch>
Date: Wed, 21 Oct 2015 18:05:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOT0k0eAQ--+=BG9dEg-irwaQiP+d8JiaAPwmK6Mogt7w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tcpinc/Y4K6pNP97GxLqXb8uPhT8ev7TcM>
Cc: tcpinc <tcpinc@ietf.org>
Subject: Re: [tcpinc] Quick review of draft-rescorla-tcpinc-tls-option-04
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 16:05:47 -0000
Hi Ekr, see inline. On 18.10.2015 16:23, Eric Rescorla wrote: > > Hi Ekr, > > > > I did a quick review of draft-rescorla-tcpinc-tls-option-04, as an > individual (not as chair). > > > > Thanks for putting all the explanational text in there; at least for me > that was very helpful. I have a few comments and (potentially stupid) questions: > > > > 1) Section 2 say that if there is a decryption failure/finished > > failure, endpoint SHOULD signal a connection failure. Does it mean > > that endpoint SHOULD/MUST also send a TCP RST? And do we really, > > really need to close the connection here, or is there maybe a way to > > think about falling back to TCP only…? > > I don't know if we *really* need to, but my reasoning here is that > we now know that the middlebox messed with the data and so failing > the connection is safer. Not sure what safer in this sense actually means, but the point I was trying to make is, that this might be a case, where a connection might fail when trying to use tcpinc while a regular tcp connection might succeed. An application that does not even know that it is using tcpinc, thus might not be able to connect. > > > > 2) The current proposal has the possibility that both endpoints > > might not support the same chipper suite and therefore tcpinc will > > not be used. Should we maybe think about picking a default one (or > > set of default ones that can be ordered by preference) that must be > > supported. I know that's hard, but for tcpinc, as the intention is > > anyway ‚just‘ opportunistic encryption, that might make more > > sense. Maybe we can specify something while at the same time saying > > that the server should not expect that a specific chiper suite will > > be available such that we still have a change to deprecate this > > specification later… > > Well, there already is an MTI cipher suite (see: S. 3.5), but > someone could always be noncompliant, right? Actually I overlooked this. However, to be correct you probably have to say that one should not only implement those but also offer at least one of them with the ClientHello. > > > 5) Section 3.2. says „… MUST respond to renegotiation with fatal > > „no_renegotiation“ alert“. What does this mean for the TCP > > connection? > > You should fail the connection. Any failure post-handshake should > lead to the same result. My point is that 'fail the connection' does not mean anything for someone who want to implement this in TCP. I guess you mean send a TCP RST and close the socket connection...? > > > 8) Further the draft says in section 6, that there are two options > > for implementation. And I disagree there. tcpinc should always be > > implemented in the kernel and only if there is potentially an app > > that also implements TLS there might be a config option to allow the > > app to do the TLS handling if successfully negotiated in TCP. It is > > not an option to have a tcpinc implementation that relies on the > > possibility that the app might have TLS implemented because then we > > are end up at a the state where we already are. > > We're defining a wire protocol here, so specifying particular > implementation tactics seems out of scope. With that said, I > don't think your assessment that we're back at the same state > we always were. As I think I pointed out when I first introduced > this draft, it addresses two problems with the same wire protocol: > > 1. The basic TCPINC use case. > 2. Out-of-band negotiation of application-level TLS. > > An application-level implementation is totally consistent with #2. First of all, you have a section on implementation in the draft, I'm just commenting on what's written there. I think David, made this point as well: tcpinc is charter for case 1, that means there MUST be a kernel implementation. Case 2 might be supported but doesn't have to to fulfill our charter. Of course I agree that case 2 makes a lot of sense if we use tls. However, the point is, as long as the doc says that you can fulfill the specification of tcpinc even though you have an implementation that only uses tcpinc if TLS is supported by the app, this doc is not a tcpinc doc because it does not address our charter. Mirja
- [tcpinc] Quick review of draft-rescorla-tcpinc-tl… Mirja Kühlewind
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… Eric Rescorla
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… Mirja Kühlewind
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… Eric Rescorla
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… Mirja Kühlewind
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… David Mazieres
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… Eric Rescorla
- Re: [tcpinc] Quick review of draft-rescorla-tcpin… David Mazieres