Re: [TLS] PR#1091: Changes to provide middlebox robustness

Yuhong Bao <yuhongbao_386@hotmail.com> Tue, 07 November 2017 23:47 UTC

From: Yuhong Bao <yuhongbao_386@hotmail.com>
To: Martin Thomson <martin.thomson@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] PR#1091: Changes to provide middlebox robustness
Date: Tue, 7 Nov 2017 23:47:05 +0000
Message-ID: <MWHPR1801MB2061CAE1B7F5565433A7BE13C3510@MWHPR1801MB2061.namprd18.prod.outlook.com>
References: <CABcZeBNm4bEMx0L6Kx-v7R+Tog9WLXxQLwTwjutapRWWW_x9+w@mail.gmail.com> <4406543.RZChgRkkf9@pintsize.usersys.redhat.com> <CABcZeBOxEAVUAq6+cSD9P+e0VHvgJHvrgj6uENbvf9aWnZooKg@mail.gmail.com> <6818962.9GzJR6rN5C@pintsize.usersys.redhat.com> <965B995B-A5B3-4322-B13A-A2D82AFD2743@akamai.com>, <CABkgnnWt4NYuGKOoCfH3x6oSHXbC90ubJM64ArYiNG+9qhXQWw@mail.gmail.com>
In-Reply-To: <CABkgnnWt4NYuGKOoCfH3x6oSHXbC90ubJM64ArYiNG+9qhXQWw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0JfRTUAg5VW8pU-gIjE8oBSxAeI>
Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

My favorite, of course, is introducing another version field in the ServerHello.
The same problem may repeat with future middleboxes.

________________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Martin Thomson <martin.thomson@gmail.com>
Sent: Tuesday, November 7, 2017 2:02:36 PM
To: Salz, Rich
Cc: tls@ietf.org
Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness

On Wed, Nov 8, 2017 at 7:23 AM, Salz, Rich <rsalz@akamai.com> wrote:
> “We can remove it when middleboxes aren’t a problem.”  Talk about aspirational (

Given that we're almost there, and that only really browsers are
asking for these hacks, and that even some of those were almost ready
to ship without these hacks, I don't think that this is entirely
unrealistic as an aspiration.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls