Re: [TLS] PR#1091: Changes to provide middlebox robustness

Alex C <immibis@gmail.com> Mon, 04 December 2017 09:59 UTC

Return-Path: <immibis@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AA321241F5 for <tls@ietfa.amsl.com>; Mon, 4 Dec 2017 01:59:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.71
X-Spam-Level:
X-Spam-Status: No, score=-0.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gRsbTda1BFcL for <tls@ietfa.amsl.com>; Mon, 4 Dec 2017 01:59:15 -0800 (PST)
Received: from mail-vk0-x22e.google.com (mail-vk0-x22e.google.com [IPv6:2607:f8b0:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D190F124207 for <tls@ietf.org>; Mon, 4 Dec 2017 01:59:14 -0800 (PST)
Received: by mail-vk0-x22e.google.com with SMTP id h203so9133335vka.6 for <tls@ietf.org>; Mon, 04 Dec 2017 01:59:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+Iirouj5HzAL/B14no35q+kIJL80e/hyvm9TZiKi0Lo=; b=Qd3qwptYX2HdDZul4Cdjz9UBFxDwu7fW4ZClfK10qCQkeGKN9hcKcmby5v2bClz4PG 6jJpFSrdqCvmVaRfkePRoxx2WgkzzDy1AzplCFv6VrXuEZld6MQ3IBc5Bwhw5eBeE8To PmrQ6VWme/ykDzWk4Ux3KOFwh2y8McAy7WEWjZMLmUEUm8KdpU8X0PfbIzwfNtErgTj1 y2c9YMZ+Ci/bL8MOYVwTSKePVeQAepXCIqzC5YxBBd5yYXr9Tv1HPPgktwisDLjv3R5b lJUWJkg59H/RVM5w8zriT/uqqwZFvBL1+yvOfJyH9VcxbZLjH8abbjEJkn77jmII4LQa bj+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+Iirouj5HzAL/B14no35q+kIJL80e/hyvm9TZiKi0Lo=; b=Hp98h/KWS66YOaQQzOI1fG4QdLKqDXStUEj1frKN9flZvitPaIDO54W2UbadYyC7iV +KO/M1+6XygEqJTAnn/Py4NjdcoBNi2TFOezyUjtbBmCOs/7tdu5XqmMAjMGu8+EA5zj omCJ5jpHk0r9df4COKpQWK6/ZfujALH8Vnc8Nl05FebjFYrrQQe7J3Qlg+tXkVZqYEbm kHMqejRiaiyzCBzFrU/6dbV9dQNKsiodz93g+h+ATx/iMDOJ8NgdiBBPFGZzOi7jBNc4 dNZYQte9XC0bYT30u+rJRLBHHZxTf1XOD8DB9VYT3AYK/Z2KmVpwg70yzGx9GgrywW70 pUEA==
X-Gm-Message-State: AKGB3mLFppVKnBgzQBL0+x7DDEmz5RDQns112naZ8IJ9cSWR+6TRZL9V n2+2xikSiLmS912Lc8Lrb9754EFw1XuoIV3ziFg=
X-Google-Smtp-Source: AGs4zMbfnnNWSwObxFpuZ8zJyr3r8+Y/PsUCXeZ4XLFr9tEvKlzB9nbGJw8eW76QTevvY04YmDHw4MrDBVIXnvvM6Fs=
X-Received: by 10.31.93.134 with SMTP id r128mr3311266vkb.143.1512381553899; Mon, 04 Dec 2017 01:59:13 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.59.206 with HTTP; Mon, 4 Dec 2017 01:59:13 -0800 (PST)
In-Reply-To: <MWHPR1801MB20613FD00AC10B468BF67667C3260@MWHPR1801MB2061.namprd18.prod.outlook.com>
References: <CABcZeBNm4bEMx0L6Kx-v7R+Tog9WLXxQLwTwjutapRWWW_x9+w@mail.gmail.com> <389abe54-41d3-30e9-4cca-caa8b1469ae7@iki.fi> <CAF8qwaC8bJhKoZBraoqM9qTStQxAkouV5=qXXurX8yPMDppV3A@mail.gmail.com> <MWHPR1801MB206198CC227AB64BEBFC92E6C3200@MWHPR1801MB2061.namprd18.prod.outlook.com> <CABcZeBNbBqFddrHrnGNAqCm0M3p7=waWwSX6PJPAcw2jjfKNvA@mail.gmail.com> <MWHPR1801MB206196E1CEF6FD868F15DFADC3200@MWHPR1801MB2061.namprd18.prod.outlook.com> <f9afe56e-2ef5-4c59-f6dc-0788ed4773db@stpeter.im> <MWHPR1801MB20618683F0167A821EAA1A73C3200@MWHPR1801MB2061.namprd18.prod.outlook.com> <CY4PR21MB0120491DD143B64AAFFCF84D8C200@CY4PR21MB0120.namprd21.prod.outlook.com> <MWHPR1801MB20613FD00AC10B468BF67667C3260@MWHPR1801MB2061.namprd18.prod.outlook.com>
From: Alex C <immibis@gmail.com>
Date: Mon, 4 Dec 2017 22:59:13 +1300
Message-ID: <CAMqknA7gan83KHaR9j7784VXmoQcy-wKziB29m0FsUyqoStu8A@mail.gmail.com>
To: Yuhong Bao <yuhongbao_386@hotmail.com>
Cc: Andrei Popov <Andrei.Popov@microsoft.com>, Peter Saint-Andre <stpeter@stpeter.im>, Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>, Tapio Sokura <tapio.sokura@iki.fi>
Content-Type: multipart/alternative; boundary="94eb2c09306248fd5b055f80c51f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0MZRrVUHneY6wWmFaow6c645zfc>
Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Dec 2017 09:59:17 -0000

The obvious problem with randomly adding fake versions is you have to have
a way of ensuring they won't conflict with *real* future versions - and
whatever pattern you decide upon in order to do that, middleboxes will use
that pattern to filter out fake versions, and fail as soon as you present
one with a real future version (i.e. TLS 1.4).

Can I also suggest adding a section about expected middlebox behaviour to
TLS 1.3? That way there is a reasonable chance that TLS 1.4 won't face the
same issues.
(Or can I do that myself? I'm not really familiar with the process, sorry)

On Sat, Nov 25, 2017 at 8:21 AM, Yuhong Bao <yuhongbao_386@hotmail.com>;
wrote:

> That only applies to the ClientHello.
>
> ________________________________________
> From: Andrei Popov <Andrei.Popov@microsoft.com>;
> Sent: Wednesday, November 22, 2017 11:22:23 AM
> To: Yuhong Bao; Peter Saint-Andre; Eric Rescorla
> Cc: tls@ietf.org; Tapio Sokura
> Subject: RE: [TLS] PR#1091: Changes to provide middlebox robustness
>
> The idea was for the client to randomly add non-existent TLS versions to
> supported_versions.
> Presumably, this will exercise the extensibility joint and prevent it from
> becoming unusable.
>
> I'm not convinced this new approach will help, but we know the old one
> required fallbacks every time a new protocol version was introduced.
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Yuhong Bao
> Sent: Wednesday, November 22, 2017 11:04 AM
> To: Peter Saint-Andre <stpeter@stpeter.im>;; Eric Rescorla <ekr@rtfm.com>;
> Cc: tls@ietf.org; Tapio Sokura <tapio.sokura@iki.fi>;
> Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
>
> They are basically doing a supported_versions extension with only one
> entry in the ServerHello.
> The problem with future middleboxes should be obvious.
>
> ________________________________________
> From: Peter Saint-Andre <stpeter@stpeter.im>;
> Sent: Wednesday, November 22, 2017 11:02:39 AM
> To: Yuhong Bao; Eric Rescorla
> Cc: tls@ietf.org; Tapio Sokura
> Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
>
> On 11/22/17 11:16 AM, Yuhong Bao wrote:
> > The problem is not TLS 1.3, the problem is future versions of TLS.
>
> Would you mind explaining that in more detail?
>
> Peter
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://na01.safelinks.protection.outlook.com/?url=
> https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Ftls&
> data=02%7C01%7CAndrei.Popov%40microsoft.com%7C71d594d28d4241b8757f08d531db
> dbb2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%
> 7C636469742719473989&sdata=fCAZVB8XHK3IJQAoSf%
> 2FUwSDlHYiy2tm0WBktCGS%2BPW8%3D&reserved=0
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>