Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?

Eric Rescorla <ekr@rtfm.com> Wed, 02 December 2015 14:13 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C47EE1A905B for <tls@ietfa.amsl.com>; Wed, 2 Dec 2015 06:13:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqOFZw8L3QO1 for <tls@ietfa.amsl.com>; Wed, 2 Dec 2015 06:13:24 -0800 (PST)
Received: from mail-yk0-x235.google.com (mail-yk0-x235.google.com [IPv6:2607:f8b0:4002:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D78421A906B for <tls@ietf.org>; Wed, 2 Dec 2015 06:13:23 -0800 (PST)
Received: by ykdv3 with SMTP id v3so47451896ykd.0 for <tls@ietf.org>; Wed, 02 Dec 2015 06:13:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=TIOIEk5M8Q1TCymIapJgWhEnPKqFdVHLTINvAj6jAv4=; b=vexBdqKuop4b4tV7E9o4iLHriUt4jsY63hfkHdMbI6Pn8f0q14h9DyaWez6IcvasPb Tky8bNMWlWJTHqz0ZFXkT8ZzkYQTICMjw/CLoMq+pTvfVKdtriRQ1k66EENRQ1RtwNff apy2+QH0/zaSB/L9TVvwBTKkmZu2RruAY2rGOA9ZKBB6TiuTEPKwf5NcJXQnpxZLagcb rL46PtuOSH623g+GnhY7uFaKzIfTbhT0gwq5RP6KInQz33LMb5Eek5nHa3ED49aYO4fF eaCR1fp3gkZpRRZrCWeDVz6fxoAMdgAGBFVXg73YQSPjDTKm+txcJ4VEEIUGHx+eetH1 V0ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=TIOIEk5M8Q1TCymIapJgWhEnPKqFdVHLTINvAj6jAv4=; b=TOVwE1F9pr5HvVlY9rBWsNvxMU7CvR37GHU/DzuoHVclqdsMPnFkBRyys7eQfxQqRu 2t6E8+gE0oi41/Gd3qlHI+ceyzqsPm8hj2saEStQxB1MYvJxCeWIQZsC/rMZ+zIDwZkk s2T60NP/9NSVsOr66y0/6g5iAs4U1IixCaAGHcN4P+krV7qa4LrRJq/tIgSgz3GGlJNt xQEXucmaKuM1YbRcjiqdtJQgYwOU8dLAdBE6ah0GXEPEV3ZTaJHuBjudJj/8bFMaEkqX yybExW6N2s2GK863L4STinaKdwHrUoQkwvqRkkS5JyNwN/+1ht8WCpP1wAO+Bw3XHV3B CNjQ==
X-Gm-Message-State: ALoCoQnDfE+xlMxmOCWErtu3Q6HcBsRU7vTTYjseg4LvzQzFaKZycyNOlQW3/JAZA4/NZkKHUmtX
X-Received: by 10.13.218.198 with SMTP id c189mr2482864ywe.165.1449065603097; Wed, 02 Dec 2015 06:13:23 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.197 with HTTP; Wed, 2 Dec 2015 06:12:43 -0800 (PST)
In-Reply-To: <FC4B4A5A-3D42-411B-AFF9-2381DE61E63E@gmail.com>
References: <56586A2F.1070703@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B8DA2A@uxcn10-5.UoA.auckland.ac.nz> <565AC278.2010904@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B92E74@uxcn10-5.UoA.auckland.ac.nz> <565C0F25.7000507@gmail.com> <9A043F3CF02CD34C8E74AC1594475C73F4B9331B@uxcn10-5.UoA.auckland.ac.nz> <20151201005609.GD18315@mournblade.imrryr.org> <CAFggDF03fzyAw95Ka8NHtBGEcebAe3RCt5pRd3r8_nhBbR7oNw@mail.gmail.com> <3B906BDF-CA30-4EDF-ADA9-ABFC2A25014D@gmail.com> <CAFggDF2sWLr-2yXPDrznymO_E1Zx_UCm1zn92J8O84WZh2gMrA@mail.gmail.com> <A4341585-0020-4F8B-84CC-BBC0EE7F57CB@gmail.com> <CAFggDF2Mvmqc7RifSYf7Q=tJdK7oWipUQjwK=GmhgB-rvZCqdA@mail.gmail.com> <FC4B4A5A-3D42-411B-AFF9-2381DE61E63E@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 02 Dec 2015 06:12:43 -0800
Message-ID: <CABcZeBPSygpOZpkj2a+UM1CL+VY3ygg4jP1Aoy9owo1+QS7=1Q@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c08192a8799190525eae0ed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1PenQoeyKDGLylFyn4u222Eidq0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 14:13:28 -0000

On Wed, Dec 2, 2015 at 5:38 AM, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
> I don’t think Bryan’s proposal will hurt the capabilities of a Check Point
> firewall, and it will make life difficult for me as a developer no more
> than it will make life difficult for developers of OpenSSL, NSS, SChannel,
> or any of a dozen other TLS implementations. I don’t know about the other
> IDS/IPS/Firewall devices.
>

The people who will be inconvenienced (if any) by changing the record
framing in an
externally visible way are not largely developers of middleboxes or stacks
but
rather (1) users and (2) client vendors and (3) server operators, who have
to
deal with connections being arbitrarily broken and/or damaged by inspection
devices which expect to be able to observe packet framing.

In Seattle, when the topic of stripping off the fixed three bytes of the
record
header came up (which would have had a similar impact), we agreed to defer
it until we had measurements for the level of breakage that it would cause
(an experiment which we at Mozilla are on the hook for). It seems to me that
this question should be handled similarly.

-Ekr