Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
Martin Thomson <martin.thomson@gmail.com> Wed, 14 October 2015 20:42 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96D421A882B for <tls@ietfa.amsl.com>; Wed, 14 Oct 2015 13:42:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ScCeQZX887Zc for <tls@ietfa.amsl.com>; Wed, 14 Oct 2015 13:42:50 -0700 (PDT)
Received: from mail-yk0-x236.google.com (mail-yk0-x236.google.com [IPv6:2607:f8b0:4002:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 350451A87F2 for <tls@ietf.org>; Wed, 14 Oct 2015 13:42:50 -0700 (PDT)
Received: by ykoo7 with SMTP id o7so59338206yko.0 for <tls@ietf.org>; Wed, 14 Oct 2015 13:42:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ccpfbyte+WyxeNtNP8hA5UBTG5wsNdjpbqbl6+xFp34=; b=tqjSfaA/vD60gmM3rgrJ+G45m28XBscaaZ1My00oADjVBRKBlQvS61k0UhX4rfnpMV Hun1KxvWekRp3rMhgSxGD22iWAjZvsA0Z3X5M3INVCncUyqV1RXf2vre2e+Vvdp6yWUC i+erc9V32HT+linL4EDOpKnF7zGDulMO7iIx52ulUOMm3YDBhRLlxs3z2TRwIF2h2s3g vx9KBOy/WMe7Jo17Bntm+JI1BQeQip1TDeu9Sp2Lz+GIoJzpWMlVD9BCaRfAzKYuwMLp 0/r01hKR8VZLJs9aOGIAViD1K/TCtU2hBKzbhOWkWm7O/CwlxjWhYxnf935vVqnD+FpP qcDw==
MIME-Version: 1.0
X-Received: by 10.13.196.196 with SMTP id g187mr4385708ywd.98.1444855369478; Wed, 14 Oct 2015 13:42:49 -0700 (PDT)
Received: by 10.13.230.78 with HTTP; Wed, 14 Oct 2015 13:42:49 -0700 (PDT)
In-Reply-To: <CAF8qwaBZZs-QF98wgJRxWdijHCkM2nj4w7AUZ4tRMaKf6_jFHQ@mail.gmail.com>
References: <20151014154401.DF1401A2E6@ld9781.wdf.sap.corp> <561EB56B.9050308@baggins.org> <CAF8qwaBZZs-QF98wgJRxWdijHCkM2nj4w7AUZ4tRMaKf6_jFHQ@mail.gmail.com>
Date: Wed, 14 Oct 2015 13:42:49 -0700
Message-ID: <CABkgnnWG6aPnwwK5KyJLG4NgsyOKT0=gj2TDPWoeEhejrH4iZw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: David Benjamin <davidben@chromium.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/450Zcz-iFGU9OF3XfkwABgW_AwY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2015 20:42:51 -0000
On 14 October 2015 at 13:29, David Benjamin <davidben@chromium.org> wrote: > If you really absolutely must support interleave and can't avoid it, I think > it being allowed everywhere except between CCS and Finished is probably the > closest you can get to coherent semantics. "Coherent" here is, of course, > all relative since renego is involved. I think that it needs to be more than that. I would say: 1. You should not interleave data with handshake messages from the same flight. 2. You should not report any change to handshake status until the renegotiation is complete. That means no callbacks/events about new peer certificates, or anything of that nature until you have received and validated the Finished. You would have to exercise caution here for the callbacks that are necessary during the process, like the "please choose a certificate and private key to use" callback on either side. If you can somehow manage to do all of that, then you might be able get away with not halting progress entirely. Because - as far as the application is concerned - application data is sent as though it were before the renegotiation. In essence, you are keeping the application ignorant of any changes until the whole process is over. I've heard it recommended that you add other stipulations, such as 3. The server cannot change certificate. I'm ambivalent on that because I don't believe it to materially change the security properties (assuming that we have a good handshake, i.e., at least R-I and session hash). I don't have proof of that, of course.
- [TLS] Fwd: Clarification on interleaving app data… Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Ilari Liusvaara
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Rex
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … David Benjamin
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Thomson
- Re: [TLS] Fwd: Clarification on interleaving app … David Benjamin
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Thomson
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Rex
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Clarification on interleaving app data … Short, Todd
- Re: [TLS] Fwd: Clarification on interleaving app … Kurt Roeckx
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Yoav Nir
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Kurt Roeckx
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Karthikeyan Bhargavan
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario