Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

[Ion Larranaga Azcue <ilarra@s21sec.com>]

> Note that temporarily enabling debug on a live endpoint isn't a big issue,
> everything will continue to operate as before except for the one client that
> requests debug-level alerts, and that knows what it's up for because it
> explicitly asked for it.

And for the malicious user that, knowing the server is currently in debug mode and returning extended errors, can more easily perform attacks on it...

________________________________________
De: TLS <tls-bounces@ietf.org> en nombre de Peter Gutmann <pgut001@cs.auckland.ac.nz>
Enviado: domingo, 1 de abril de 2018 7:29
Para: Eric Rescorla
Cc: IETF discussion list; General Area Review Team; draft-ietf-tls-tls13.all@ietf.org; Dale R. Worley; <tls@ietf.org>
Asunto: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

Eric Rescorla <ekr@rtfm.com> writes:

>In my experience, there are four major scenarios for diagnosing this kind of
>failure. Under the assumption that you control one end, the other end can be:
>
>1. A live endpoint.
>2. A testing endpoint someone has put up.
>3. An endpoint that someone is actively working on with you.
>4. An endpoint you control (e.g., you're running it on your own machine).
>
>If this is a debug-only feature, then it won't be available in case #1,

I have the feeling the people who have commented on this were talking from
real-world experience, and in the example I gave it was exactly case #1.  This
was a live, large-scale production environment by a major ecommerce
organisation (details fudged somewhat to avoid identifying anyone, but
everyone here would know the name), and the only way to get things working was
to spend several weeks randomly tweaking every conceivable option on the
client until things started working, because the only thing the server would
say was "Handshake failure".  The client-side organisation still has no idea
what made things work, they've narrowed it down by trial and error to about
half a dozen things they had to change, but that's it.

If they'd been able to get the server operators to turn on extended-alert for
even just a single handshake it would have avoided several weeks' effort and a
fix that even now is pure guesswork.

>For the same reason, it's not really that helpful in case #3, because you can
>just ask the person you're working with to read the logs,

Except that these people are EDI companies, not TLS experts.  They have
neither the expertise nor the inclination to help debug TLS issues.  What they
will do is enable debug on the server so the client can sort things out, but
they're not going to devote any effort to sorting out the problem at their
end.

Note that temporarily enabling debug on a live endpoint isn't a big issue,
everything will continue to operate as before except for the one client that
requests debug-level alerts, and that knows what it's up for because it
explicitly asked for it.

>so this leaves case #2,

Actually it leaves 1, 2, and 3.  4 is kinda pathological, so really the
problem is "all of the cases".

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls