[TLS] SNI with early data
Matt Caswell <frodo@baggins.org> Thu, 20 July 2017 09:51 UTC
Return-Path: <frodo@baggins.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D7A413170E for <tls@ietfa.amsl.com>; Thu, 20 Jul 2017 02:51:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vh-ubrNcOKZw for <tls@ietfa.amsl.com>; Thu, 20 Jul 2017 02:51:18 -0700 (PDT)
Received: from mx496502.smtp-engine.com (mx496502.smtp-engine.com [212.227.20.70]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 227C7131BFA for <tls@ietf.org>; Thu, 20 Jul 2017 02:51:17 -0700 (PDT)
Received: from mail-io0-f177.google.com (mail-io0-f177.google.com [209.85.223.177]) by mx496502.smtp-engine.com (Postfix) with ESMTPSA id 7F8615A7 for <tls@ietf.org>; Thu, 20 Jul 2017 10:51:12 +0100 (BST)
Received: by mail-io0-f177.google.com with SMTP id g13so9664634ioj.5 for <tls@ietf.org>; Thu, 20 Jul 2017 02:51:12 -0700 (PDT)
X-Gm-Message-State: AIVw110qPx0KsigSc7jTlFp+pOEIAsRVfxl5tYZAlowHq8U3/+glQcDq oJ5BqIac7CfWHjy0dCuKG3EP7Y9SbA==
X-Received: by 10.107.145.194 with SMTP id t185mr831851iod.16.1500544267308; Thu, 20 Jul 2017 02:51:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.37.2 with HTTP; Thu, 20 Jul 2017 02:51:06 -0700 (PDT)
From: Matt Caswell <frodo@baggins.org>
Date: Thu, 20 Jul 2017 10:51:06 +0100
X-Gmail-Original-Message-ID: <CAMoSCWatQZDT8qUv7EqmTH_FJ4OjrSTXVY+he6qw6MmfJ_w8vg@mail.gmail.com>
Message-ID: <CAMoSCWatQZDT8qUv7EqmTH_FJ4OjrSTXVY+he6qw6MmfJ_w8vg@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0NHN7LDogV_ZfITQ0oDS9-k_nQ8>
Subject: [TLS] SNI with early data
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 09:51:20 -0000
I note in draft-21 the following text:
When clients use a PSK obtained externally to send early data, then
the following additional information MUST be provisioned to both
parties:
- The TLS version number for use with this PSK
- The cipher suite for use with this PSK
- The Application-Layer Protocol Negotiation (ALPN) protocol
[RFC7301], if any is to be used
- The Server Name Indication (SNI), if any is to be used
Later it says this:
In order to accept early data, the server MUST have accepted a PSK
cipher suite and selected the first key offered in the client's
"pre_shared_key" extension. In addition, it MUST verify that the
following values are consistent with those negotiated in the
connection during which the ticket was established.
- The TLS version number and cipher suite.
- The selected ALPN [RFC7301] protocol, if any.
The language about "during which the ticket was established" seems to
suggest that the following checks do not apply to an external PSK -
which I don't think is intended. Additionally there does not seem to
be a requirement on the server to check that the SNI is consistent.
So, there is a mandatory requirement for an external PSK to specify
the SNI, but no requirement on the server to check that it is actually
correct. Is this discrepancy intentional?
Matt
- [TLS] SNI with early data Matt Caswell
- Re: [TLS] SNI with early data Kazu Yamamoto ( 山本和彦 )
- Re: [TLS] SNI with early data Benjamin Kaduk
- Re: [TLS] SNI with early data Matt Caswell
- Re: [TLS] SNI with early data Benjamin Kaduk