IETF Logo Mail Archive

Re: [TLS] I-D Action: draft-ietf-tls-grease-02.txt

Hubert Kario <hkario@redhat.com> Fri, 25 January 2019 18:45 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A7BB130EA3 for <tls@ietfa.amsl.com>; Fri, 25 Jan 2019 10:45:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rTFOa-zevu1A for <tls@ietfa.amsl.com>; Fri, 25 Jan 2019 10:45:52 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51C82131022 for <tls@ietf.org>; Fri, 25 Jan 2019 10:45:51 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BAB6B87628; Fri, 25 Jan 2019 18:45:50 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.83]) by smtp.corp.redhat.com (Postfix) with ESMTP id C69A23DAA; Fri, 25 Jan 2019 18:45:49 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Fri, 25 Jan 2019 19:45:43 +0100
Message-ID: <6035047.RC8yvgZ2HI@pintsize.usersys.redhat.com>
In-Reply-To: <CAF8qwaCxk=8QjFyFXn0agbKTUcMhOA5A_G3paR3P9O9e-wH8rg@mail.gmail.com>
References: <154767032661.29586.10643059734542111710@ietfa.amsl.com> <1548371005.3487947.1642965368.3A897C7A@webmail.messagingengine.com> <CAF8qwaCxk=8QjFyFXn0agbKTUcMhOA5A_G3paR3P9O9e-wH8rg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2726546.2iyKYnOi7W"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Fri, 25 Jan 2019 18:45:50 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1TOXYtFeRHfKJuCvK0ic9IkY4Yk>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-grease-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2019 18:45:54 -0000

On Friday, 25 January 2019 17:23:22 CET David Benjamin wrote:
> On Thu, Jan 24, 2019 at 5:03 PM Martin Thomson <mt@lowentropy.net> wrote:
> > On Fri, Jan 18, 2019, at 07:23, David Benjamin wrote:
> > > > while record_size_limit extension sends just one value, it does
> > > > specifically
> > > > allow the client to advertise higher values than the protocol versions
> > 
> > or
> > 
> > > > extensions would indicate
> > > > 
> > > > I wonder if sending such values shouldn't be part of GREASE behaviour,
> > > > even if
> > > > it wouldn't use GREASE values...
> > > 
> > > I think that should be sorted out in a separate document. This one's
> > > been
> > > sitting around for a while as it is, and record_size_limit doesn't have
> > 
> > an
> > 
> > > RFC to cite yet. :-)
> > 
> > I'm in two minds about this.  On the one hand, we don't need any actual
> > machinery here, so why do anything?  On the other hand, it's just a note
> > that this is possible, and adding that sort of note is easy.
> > 
> > > The record_size_limit extension {{!RFC8449}} includes a value that can
> > 
> > be greased by endpoints that don't place constraints on their record size.
> > Advertising values larger than the protocol supports is permitted and has
> > no effect on the behavior of a compliant peer.
> 
> I don't feel very strongly either way, though it is odd that it basically
> contradicts the sender's rules in RFC 8449.
> 
>    Higher values are currently reserved for future
>    versions of the protocol that may allow larger records; an endpoint
>    MUST NOT send a value higher than the protocol-defined maximum record
>    size unless explicitly allowed by such a future version or extension.
>    A server MUST NOT enforce this restriction; a client might advertise
>    a higher limit that is enabled by an extension or version the server
> 
> It does say "unless explicitly allowed by such a future version or
> extension", so this is basically blanket overruling that sentence a few
> months after publication. (But overruling it isn't entirely wrong, given
> the current text imposes a future-proofing receiver rule that the sender is
> forbidden from checking.)

we can claim that GREASE cipher suites are signalling cipher suite value for 
this purpose ("unless explicitly allowed by (...) extension")...

but my point was that to ensure future-proofing that "MUST NOT enforce" is 
much more important to keep flexible that to be strict ("MUST NOT send")

*unless* the idea was to later create an RFC that just increases the maximum 
record sizes without introducing any additional extension to signal support 
for it – which I don't think would be safe to do
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

v2.23.0 | Report a Bug | By Email