Re: [TLS] draft-ietf-tls-tls-13-17 posted

Kazuho Oku <kazuhooku@gmail.com> Fri, 21 October 2016 21:59 UTC

In-Reply-To: <20161021093350.GA8070@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABcZeBP6pzqtcT3rmmpjr_4R+fb6ZyiAduxQiJ87B9hnRzVBXA@mail.gmail.com> <20161021093350.GA8070@LK-Perkele-V2.elisa-laajakaista.fi>
From: Kazuho Oku <kazuhooku@gmail.com>
Date: Sat, 22 Oct 2016 06:58:57 +0900
Message-ID: <CANatvzywrA9OFtpncjKA6UxcxjV08Z_VPuXxQhdTja6zHrhXWA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/4yJK952bo0VfZ9p-iLK0QRScdd8>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls-13-17 posted

2016-10-21 18:33 GMT+09:00 Ilari Liusvaara <ilariliusvaara@welho.com>:
> On Thu, Oct 20, 2016 at 09:32:36AM -0700, Eric Rescorla wrote:
>> Folks,
>>
>> I have just uploaded draft-ietf-tls-tls13-17.
>
> Updated my own implementation from -16 to -17 (TODO: Add to
> implementations page, it isn't any of the ones listed).
>
> And since that implementation supports RFC7250 (for the server
> certificate), here is my interpretation of it:
>
> The certificate type is sent in extensions of EE certificate,
> via the usual server_certificate_type extension (using the server-side
> syntax from RFC7250).
>
>
> Okay, the extension is after the certificate it attaches to (which is
> just weird), but turns out this wasn't that bad to implement, due to
> how the code happened to be laid out (it first sliced the certificate
> message to extract the certificates and only afterwards processed
> those).
>
>
>
> ... Interop tests with picotls failed:
>
> - Picotls sends extension 13 (signature_algorithms) in ServerHello,
>   which my implementation does not like[1].
> - Picotls still seems to have the resumption_context mixed into
>   hashes. I thought that got nuked when switching to "finished
>   stuffing"? This causes wrong encryption keys to be derived,
>   causing the handshake to blow up.
>

Thank you very much for testing, and for reporting the issues you
found. Apparently I missed the changes when I made the adjustments for
draft-17.

I've pushed the fixes onto my git repository
(https://github.com/h2o/picotls) fixing the two issues. Hopefully with
them, picotls would be able to communicate with your implementation (I
think it might be better to go through my code with draft-17 in hand
to see if any other discordances exist, but that'll be in the next
week).

I am also looking forward to seeing your implementation on the Wiki.

>
>
> [1] Wasn't this ripped out in -17? The -17 draft seems to list that
> extension as "clear", shouldn't it be "client" as AFAIK the
> server won't send it?
>
>
> -Ilari
-- 
Kazuho Oku
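The two interop failures discussed in this thread come down to message-layout rules: which extensions a draft-17 server may put in ServerHello (signature_algorithms is a client-sent extension and does not belong there), and where the RFC 7250 server_certificate_type extension lives once draft-17 moved to per-certificate extensions (on the end-entity entry, in the server-side one-byte syntax, after the cert_data it attaches to). The following parser is an added example written for this page; it is not picotls code nor Ilari's implementation. It assumes the draft-era extension codepoints (signature_algorithms = 13, server_certificate_type = 20, pre_shared_key = 41, key_share = 40, which later became 51 in RFC 8446), and the ServerHello allowlist and all sample byte strings are constructed for illustration rather than taken from a handshake capture.

```python
"""Draft-17 style Certificate / ServerHello extension checks (added example).

Wire formats assumed here (TLS 1.3 draft-17 notation):
    Extension        = uint16 type, opaque data<0..2^16-1>
    CertificateEntry = opaque cert_data<1..2^24-1>, Extension extensions<0..2^16-1>
    Certificate      = opaque certificate_request_context<0..2^8-1>,
                       CertificateEntry certificate_list<0..2^24-1>
"""

EXT_SIGNATURE_ALGORITHMS = 13    # client-sent; a server must not put it in ServerHello
EXT_SERVER_CERTIFICATE_TYPE = 20 # RFC 7250, server syntax: one CertificateType byte
EXT_KEY_SHARE = 40               # draft-era codepoint (51 in RFC 8446)
EXT_PRE_SHARED_KEY = 41

CERT_TYPE_X509 = 0
CERT_TYPE_RAW_PUBLIC_KEY = 2

# Assumption of this example: what a draft-17 server may send in ServerHello.
SERVER_HELLO_ALLOWED = {EXT_KEY_SHARE, EXT_PRE_SHARED_KEY}


class ParseError(ValueError):
    """Raised for any malformed or misplaced field."""


def _read_vector(buf, pos, len_bytes):
    """Read a TLS variable-length vector with a len_bytes-wide length prefix."""
    if pos + len_bytes > len(buf):
        raise ParseError("truncated length field")
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ParseError("vector runs past end of message")
    return buf[pos:pos + n], pos + n


def parse_extensions(block):
    """Parse an Extension list body into [(type, data)], rejecting duplicates."""
    exts, seen, pos = [], set(), 0
    while pos < len(block):
        if pos + 2 > len(block):
            raise ParseError("truncated extension type")
        ext_type = int.from_bytes(block[pos:pos + 2], "big")
        data, pos = _read_vector(block, pos + 2, 2)
        if ext_type in seen:
            raise ParseError("duplicate extension %d" % ext_type)
        seen.add(ext_type)
        exts.append((ext_type, data))
    return exts


def check_server_hello_extensions(ext_block):
    """Return the extension types a server sent in ServerHello that it must not."""
    return [t for t, _ in parse_extensions(ext_block) if t not in SERVER_HELLO_ALLOWED]


def parse_certificate(body):
    """Parse a draft-17 Certificate body into (context, [(cert_data, extensions)])."""
    ctx, pos = _read_vector(body, 0, 1)
    cert_list, pos = _read_vector(body, pos, 3)
    if pos != len(body):
        raise ParseError("trailing bytes after certificate_list")
    entries, p = [], 0
    while p < len(cert_list):
        cert_data, p = _read_vector(cert_list, p, 3)
        if not cert_data:
            raise ParseError("cert_data must be at least one byte")
        ext_block, p = _read_vector(cert_list, p, 2)   # extensions follow the cert
        entries.append((cert_data, parse_extensions(ext_block)))
    return ctx, entries


def server_certificate_type(entries):
    """Read server_certificate_type from the end-entity (first) entry.

    Absent means X.509. The extension is only meaningful on the EE entry, so
    it is rejected anywhere else in the chain.
    """
    if not entries:
        raise ParseError("empty certificate_list")
    for _, exts in entries[1:]:
        if any(t == EXT_SERVER_CERTIFICATE_TYPE for t, _ in exts):
            raise ParseError("server_certificate_type on a non-EE certificate entry")
    for t, data in entries[0][1]:
        if t == EXT_SERVER_CERTIFICATE_TYPE:
            if len(data) != 1:
                raise ParseError("server syntax carries exactly one CertificateType byte")
            return data[0]
    return CERT_TYPE_X509


# --- builders used only to construct sample messages -------------------------
def _vec(data, len_bytes):
    return len(data).to_bytes(len_bytes, "big") + data

def build_extensions(exts):
    return b"".join(t.to_bytes(2, "big") + _vec(d, 2) for t, d in exts)

def build_certificate(ctx, entries):
    lst = b"".join(_vec(cd, 3) + _vec(build_extensions(ex), 2) for cd, ex in entries)
    return _vec(ctx, 1) + _vec(lst, 3)

# Constructed samples (placeholder DER / SPKI bytes, not real certificates).
FAKE_SPKI = b"\x30\x2a\x30\x05\x06\x03\x2b\x65\x70\x03\x21\x00" + b"\x11" * 32
FAKE_CERT = b"\x30\x82\x01\x00" + b"\x22" * 8
FAKE_CA = b"\x30\x82\x02\x00" + b"\x33" * 8
RAW_PK_TYPE = bytes([CERT_TYPE_RAW_PUBLIC_KEY])

BAD_SERVER_HELLO_EXTS = build_extensions([
    (EXT_KEY_SHARE, b"\x00\x17\x00\x01\x04"),        # constructed KeyShareEntry
    (EXT_SIGNATURE_ALGORITHMS, b"\x00\x02\x04\x03"), # the offending extension
])
RAW_PK_CERT = build_certificate(b"", [(FAKE_SPKI, [(EXT_SERVER_CERTIFICATE_TYPE, RAW_PK_TYPE)])])
X509_CHAIN = build_certificate(b"", [(FAKE_CERT, []), (FAKE_CA, [])])
MISPLACED = build_certificate(b"", [(FAKE_CERT, []), (FAKE_CA, [(EXT_SERVER_CERTIFICATE_TYPE, RAW_PK_TYPE)])])

if __name__ == "__main__":
    print("disallowed in ServerHello:", check_server_hello_extensions(BAD_SERVER_HELLO_EXTS))
    print("raw-public-key chain type:", server_certificate_type(parse_certificate(RAW_PK_CERT)[1]))
    print("x509 chain type:", server_certificate_type(parse_certificate(X509_CHAIN)[1]))
```

Running the module as a script reports extension 13 as disallowed for the constructed ServerHello, type 2 (RawPublicKey) for the raw-public-key Certificate, and type 0 for the plain X.509 chain; feeding it MISPLACED raises ParseError because the extension sits on a non-EE entry. Because the per-certificate extensions follow their cert_data, a parser that first slices the certificate_list into entries and only then inspects extensions, as Ilari describes, maps onto this structure directly.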