IETF Logo Mail Archive

RE: [TLS] comments & clarifications for rfc4507bis

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Fri, 05 October 2007 22:23 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IdvZz-00033r-UP; Fri, 05 Oct 2007 18:23:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IdvZy-00032X-Er for tls@ietf.org; Fri, 05 Oct 2007 18:23:30 -0400
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IdvZx-00071W-20 for tls@ietf.org; Fri, 05 Oct 2007 18:23:30 -0400
X-IronPort-AV: E=Sophos;i="4.21,237,1188802800"; d="scan'208";a="231500982"
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 05 Oct 2007 15:23:28 -0700
Received: from sj-core-3.cisco.com (sj-core-3.cisco.com [171.68.223.137]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id l95MNSYY006258; Fri, 5 Oct 2007 15:23:28 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id l95MNNqD025396; Fri, 5 Oct 2007 22:23:28 GMT
Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 5 Oct 2007 15:23:24 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] comments & clarifications for rfc4507bis
Date: Fri, 05 Oct 2007 15:23:32 -0700
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE5049B9AE4@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <28425e380710041321w3eb15158o5ba9d2e2157e6766@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] comments & clarifications for rfc4507bis
Thread-Index: AcgGxTj+Q/E6W74KQdSA0b5z/Rl6wgA2AHzg
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: Nagendra Modadugu <ngm+ietf@google.com>, tls@ietf.org
X-OriginalArrivalTime: 05 Oct 2007 22:23:24.0296 (UTC) FILETIME=[58044080:01C8079E]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=4912; t=1191623008; x=1192487008; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey@cisco.com> |Subject:=20RE=3A=20[TLS]=20comments=20&=20clarifications=20for=20rfc4507 bis |Sender:=20; bh=4W2D/19LX8Q2HCE2IZUnp+uu4rld6aJ5KY6BqKvP+nI=; b=hkAExEyxPGdAO4xXCi/T3siiiwcXFn+B6JAuAY2CZ2L9/ZoG7nqo0eaSBaZPa/73dro/B0EH INIQ+MS353hUyOoZ9SmUrjzRwdzjh/BMlJfynGc+v7X/FWHxoPCdEUC7;
Authentication-Results: sj-dkim-3; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 8fbbaa16f9fd29df280814cb95ae2290
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Hi Nagendra,

Thanks for reviewing the draft and providing comments:

Comments inline below: 

> -----Original Message-----
> From: Nagendra Modadugu [mailto:ngm+ietf@google.com] 
> Sent: Thursday, October 04, 2007 1:22 PM
> To: tls@ietf.org
> Subject: [TLS] comments & clarifications for rfc4507bis
> 
> A few more comments:
> 
> S3.1: The client caches this ticket along with the master secret and
>       other parameters associated with the current session.  
> When the client
>       wishes to resume the session, it includes the ticket in the
>       SessionTicket extension within the ClientHello message.
> 
> The text is not clear what "includes the ticket" refers to.  
> It could either mean the entire NewSessionTicket message, or 
> just NewSessionTicket.ticket.  The client does not need to 
> echo back NewSessionTicket.ticket_lifetime_hint, so it is not 
> obvious which of the two meanings is implied.  The 
> description would be unabiguous if the text included a struct 
> along the lines of:
> 
>   struct {
>     opaque NewSessionTicket.ticket<1..2^16-1>
>   } SessionTicket;
> 
> 
[Joe] I would rather clarify this by saying:

 "When the client wishes to resume the session, it includes the ticket
contained within the NewSessionTicket message, in the SessionTicket
extension within the ClientHello message. "

The new struct actually reintroduces an issue with encoding that we
trying to correct with this revision.  

> S4:
>       enum {
>          anonymous(0),
>          certificate_based(1),
>          psk(2),
> +       (255)
>      } ClientAuthenticationType;
> 
[Joe] OK, thanks, more below

> On 10/3/07, Nagendra Modadugu <ngm+ietf@google.com> wrote:
> > Apologies if the points below have been previously addressed.  The 
> > comments below are in reference to the version of the draft dated 
> > August 27, 2007.
> >
> > S3.3: The server MUST NOT assume that the client actually 
> received the updated
> >       ticket until it successfully verifies the client's Finished
> >       message.
> >
> > This text seems incorrect.  The full-handshake case is 
> actually a bit 
> > awkward, since the server cannot assume that the ticket has been 
> > received (by the client) until application data is received 
> from the client.
> >
[Joe] Ah, I see your point, the client sends its finished message before
it receives the ticket. We should probably change this to

"The server MUST NOT assume that the client actually received the
updated ticket until it successfully receives application data from the
client."  

> > S3.4: If a server is planning on issuing a SessionTicket to a client
> >       that does not present one, it SHOULD include an empty 
> Session ID in the
> >       ServerHello.  If the server includes a non-empty 
> session ID, then it
> >       is indicating intent to use stateful session resume.  
> If the client
> >       receives a SessionTicket from the server, then it discards any
> >       Session ID that was sent in the ServerHello.
> >
> > Why are servers afforded the flexibility of simultaneously 
> including 
> > an extension and session ID?  Or differently put, why 
> should a server 
> > ever need to generate a session ID if it intends to do 
> stateless resumes?
> > (Session IDs generated by the server will be discarded by 
> the client 
> > in any case.)
> >
[Joe] During discussions for RFC 4507 there was a desire to allow
stateful resume during fallback to a full handshake.    

> > S3.4: In this case, the client ignores the Session ID sent in
> >       the ServerHello ...
> >
> > "the Session ID" -> "the Session ID (whether empty or non-empty)"
> >
> > S3.4: If the server accepts the ticket and the Session ID 
> is not empty,
> >       then it MUST respond with the same Session ID present in the
> >       ClientHello.  This allows the client to easily 
> differentiate when
> >       the server is resuming a session from when it is 
> falling back to a
> >       full handshake.
> >
> > What if the server rejects the ticket in this case?  It seems 
> > reasonable that the server responds with an empty session ID to 
> > indicate to the client that a full-handshake is being initiated.
> >
[Joe] If the server rejects the ticket and it is planning on issuing a
new ticket then it SHOULD include an empty session ID.  If the server
rejects the ticket and does not plan to issue a new ticket then it MUST
either include a different session ID or an empty session ID.  A
non-empty session ID allows for stateful session resume.  

> > Thanks,
> > nagendra
> >
> 
> _______________________________________________
> TLS mailing list
> TLS@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/tls
> 

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email