Re: [TLS] draft-ietf-tls-tls-13-17 posted

Eric Rescorla <ekr@rtfm.com> Fri, 21 October 2016 11:40 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6592D129430 for <tls@ietfa.amsl.com>; Fri, 21 Oct 2016 04:40:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4O3TfpEyf78T for <tls@ietfa.amsl.com>; Fri, 21 Oct 2016 04:40:41 -0700 (PDT)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1216D129422 for <tls@ietf.org>; Fri, 21 Oct 2016 04:40:41 -0700 (PDT)
Received: by mail-yw0-x22a.google.com with SMTP id t192so90533694ywf.0 for <tls@ietf.org>; Fri, 21 Oct 2016 04:40:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=L7Biqnoqh/YKbIA4kKY0vIJ9B2UKCHvG+DFXQQWufqo=; b=pNoZ82LOoYuQFNmjo8lO1xEHCMEDjRJ1KNGGdbngN+S1+8iqVNLt5Ywd2uZOYskkUN ujXCjgkgcTEVH+2oEZTRlx+1hDZaAWKK5V+D7o++GPP8Csmv4yefOsiuz8ENCNSGcxl8 nY9kG21N0HLs0MYG32Hxa1Q7TnQ50BWMS9FToR65yhDDSs+zm2LoYncb22m0cVVtleaq fZpbxDe9VBlFM4wykPf9E7+7YJ6Qn6vFxYLLE0lxOpTe5Vdivh1uEsHh8R5HAFfa+50v ZeW5VZEwunr65glMAiuDPWo+wrqja5mGUtGKQQNkadmEbnf3/LIjx5LTClA2D4gc0ok+ H6Dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=L7Biqnoqh/YKbIA4kKY0vIJ9B2UKCHvG+DFXQQWufqo=; b=jE/goA+apwMHKenn6AsrIdOnoLWkwxgP15xMNc87SfuWPv2uqwyy9r/yPoGxWh0fu8 R42NTcdVz7uuUEmguP5R9Fu8Vd69T4k4UdfcbSMTD6UiCm+OZdhPuzl5RNL2oM4zHuTl 0hhQVzqLtmNxtXqu8X4W2bVJ5qWDaUk/8kE+XMqd9NAI0VhIIUWsumSURiKP46Gad6Yl iN3nTyVf/+dHQjZt8vq1UyHfzeaWN9rqNJrBcet0PtRSsHLdUNxWazXBUNVlhe564N+9 pn4EXkeq89ZVQCJ0YX9dRJGhy9y6sKT7hfRl3XtPbL+w+ZOe/3J2re3vxpBLfSSIdjUy rebg==
X-Gm-Message-State: ABUngvfu+xZB51x4YnoVv7IDI24pevW7hYCQzyVJKG5BQUBdtSZorZJumvQEmGInXxm2kQ9yaKpJEfWfjf71Qg==
X-Received: by 10.129.81.21 with SMTP id f21mr434467ywb.149.1477050040350; Fri, 21 Oct 2016 04:40:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.82.210 with HTTP; Fri, 21 Oct 2016 04:39:59 -0700 (PDT)
In-Reply-To: <20161021093350.GA8070@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABcZeBP6pzqtcT3rmmpjr_4R+fb6ZyiAduxQiJ87B9hnRzVBXA@mail.gmail.com> <20161021093350.GA8070@LK-Perkele-V2.elisa-laajakaista.fi>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 21 Oct 2016 04:39:59 -0700
Message-ID: <CABcZeBPd25PQhFDW+pbGCCRQM8CVWdnK3NDizYEdgcsV7gR8fg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="001a11461104f8a845053f5e8248"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0T-MrAhkLU7NGenpUqPxjGODV2c>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls-13-17 posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 11:40:42 -0000

On Fri, Oct 21, 2016 at 2:33 AM, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Thu, Oct 20, 2016 at 09:32:36AM -0700, Eric Rescorla wrote:
> > Folks,
> >
> > I have just uploaded draft-ietf-tls-tls13-17.
>
> Updated my own implementation from -16 to -17 (TODO: Add to
> implementations page, it isn't any of the ones listed).
>

Please do.

We're working on ours so interop testing would be great.


And since that implementation supports RFC7250 (for the server
> certificate), here is my interpretation of it:
>
> The certificate type is sent in extensions of EE certificate,
> via the usual server_certificate_type extension (using the server-side
> syntax from RFC7250).
>

I think this probably should go in Encrypted Extensions.


> ... Interop tests with picotls failed:
>
> - Picotls sends extension 13 (signature_algorithms) in ServerHello,
>   which my implementation does not like[1].
>

You are correct.



> - Picotls still seems to have the resumption_context mixed into
>   hashes. I tought that got nuked when switching to "finished
>   stuffing"? This causes wrong encryption keys to be derived,
>   causing the handshake to blow up.
>

It did.



> [1] Wasn't this ripped out in -17? The -17 draft seems to list that
> extension as "clear", shouldn't it be "client" as the AFAIK the
> server won't send it?
>

Thanks. That got missed in the update.

-Ekr


>
>
> -Ilari
>