Re: [TLS] PR#28: Converting cTLS to QUIC-style varints
Michael D'Errico <mike-list@pobox.com> Tue, 06 October 2020 18:37 UTC
Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FC293A14D9 for <tls@ietfa.amsl.com>; Tue, 6 Oct 2020 11:37:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.312
X-Spam-Level:
X-Spam-Status: No, score=-2.312 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pobox.com; domainkeys=pass (1024-bit key) header.from=mike-list@pobox.com header.d=pobox.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a9w4Bx4J95xt for <tls@ietfa.amsl.com>; Tue, 6 Oct 2020 11:37:06 -0700 (PDT)
Received: from pb-smtp2.pobox.com (pb-smtp2.pobox.com [64.147.108.71]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 545043A14D8 for <tls@ietf.org>; Tue, 6 Oct 2020 11:37:05 -0700 (PDT)
Received: from pb-smtp2.pobox.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 8407183B94; Tue, 6 Oct 2020 14:37:04 -0400 (EDT) (envelope-from mike-list@pobox.com)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=3q4LD/NagGwp laQWvylwTUrwlLQ=; b=ltzYrYrQmktsIJSrxI3YRmh7cqHhhkWg1AOgfZZxItU1 JnkKdPx1VD89plzXyIwSEs8M74fSXDd+s/6SLxuq2OojsPAvM1RiSjMZUUiwFICG szMALOoHEVZMqXMPEKXnuWT2XLf32NenbirZqWeYK2uX0h4ZM4eO2XgiPi6U39w=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=frXlKT ddrNSiFuYyANY8o9gfSECceAwBffE3jRhEsbh9iN8q+WzK3Adhn7+r2FlQCl3f7p XZq5SJ/T/Levvwps3lsGO9AB4OpwxgPJXF7pFGrEk0uk7ORi/2VMW7s8egDVo26I RRZmy7sHZAwlLAdrdvLTxt/EBmjOGnPqwNbRc=
Received: from pb-smtp2.nyi.icgroup.com (unknown [127.0.0.1]) by pb-smtp2.pobox.com (Postfix) with ESMTP id 7BC5283B93; Tue, 6 Oct 2020 14:37:04 -0400 (EDT) (envelope-from mike-list@pobox.com)
Received: from MacBookPro.local (unknown [72.227.128.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pb-smtp2.pobox.com (Postfix) with ESMTPSA id A60E383B92; Tue, 6 Oct 2020 14:37:02 -0400 (EDT) (envelope-from mike-list@pobox.com)
To: Christian Huitema <huitema@huitema.net>, TLS List <tls@ietf.org>
References: <CABcZeBPNFhGoLhgqeR9ObwyU68BYq=hXG1PhXcqNsNDNFGGyaw@mail.gmail.com> <CAOYVs2rEDtgJFVpiQkcaaYG2LAyW1hB5Cou4kUoG2_dkxMFTww@mail.gmail.com> <CABcZeBP3BUDEeiV2T-kxYTmC841XE_BrXhPHSoRqfdH0hHd-6w@mail.gmail.com> <BBA456AB-EC42-47DD-A3E3-5FC0E9E7A534@akamai.com> <53DD7D0D-D325-4246-86F2-C409875134FB@ll.mit.edu> <8e8ca76e-37ce-ce10-ae42-ea26d87c35fc@pobox.com> <9CED80DA-FAE7-4C7F-9687-3B61B63587E9@akamai.com> <a49d4b8c-cf49-51df-0c6b-332a4459f318@pobox.com> <b8f4597c-37de-0092-6179-c6bf275c20f9@huitema.net>
From: Michael D'Errico <mike-list@pobox.com>
Message-ID: <96616ddd-263c-badb-64ee-20c03a8c1dda@pobox.com>
Date: Tue, 06 Oct 2020 14:37:01 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <b8f4597c-37de-0092-6179-c6bf275c20f9@huitema.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
X-Pobox-Relay-ID: ED323ACC-0802-11EB-A509-74DE23BA3BAF-38729857!pb-smtp2.pobox.com
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4OosCfX05doxALv1WIjNZM_pjTA>
Subject: Re: [TLS] PR#28: Converting cTLS to QUIC-style varints
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2020 18:37:08 -0000
I think we are in agreement. On 10/6/20 13:12, Christian Huitema wrote: > * Receiver side: receive the message, parser with generic ASN.1 decoder, > process the message using the "parsed" representation, re-encode with > DER, check the signature. I recall that at least one root certificate had a SEQUENCE encoded using BER-but-not-DER (?) Yeah if your software re-encoded that, it would no longer be the same sequence of bytes. > Experience showed that this workflow is very problematic, because the > parse/reencode process may introduce subtle changes and the signature > will fail. One may argue that these changes are due to implementation > bugs, but fact it that this is a rich environment for growing bugs. > Based on experience, the receiver side is better done as: > > * Receiver side: receive the message, save it, parse and process, and > when it is time to verify the signature go back to the original message > and check the signature. This is how I did X.509 verification, though I was late to the game and the advice was already there to accept a BER-encoded certificate. Not sure if I would have done the DER re-encoding bit if that was the current advice at the time since it seems like the wrong thing to do, but maybe I would have. > If we do that, then there is no reason to mandate minimal length > encoding. And TLS already does that. For example, we do not reorder > extensions according to some canonical rules before placing them in the > transcript. I was disappointed to see that the TLS 1.3 spec now has a requirement to put one of the ClientHello extensions in a specific place (last in the list). We discussed this at length during the development of either TLS 1.2 or one of the extensions (maybe renegotiation-info?) and we ultimately came to what I believe was the correct decision never to require any ordering of the extensions. Sad to see the group capitulated to whomever said it would make their software easier to write (which I doubt). Mike
- [TLS] PR#28: Converting cTLS to QUIC-style varints Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Marten Seemann
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Martin Thomson
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Marten Seemann
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Christian Huitema
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Rob Sayre
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Hannes Tschofenig
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Martin Thomson
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Christian Huitema
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Nick Harper
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Martin Thomson
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Nick Harper
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Christian Huitema
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Peter Gutmann
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Watson Ladd
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Mohit Sethi M
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Anders Rundgren
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Mohit Sethi M
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Hannes Tschofenig
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Mohit Sethi M