Re: [TLS] TLS 1.3 Problem?

Michael D'Errico <mike-list@pobox.com> Mon, 28 September 2020 22:32 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDC5F3A0CB7 for <tls@ietfa.amsl.com>; Mon, 28 Sep 2020 15:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pobox.com header.b=NK4b5QWI; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=UiXTCmiT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QL37Oenz3xTJ for <tls@ietfa.amsl.com>; Mon, 28 Sep 2020 15:32:57 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 586EC3A08C1 for <tls@ietf.org>; Mon, 28 Sep 2020 15:32:56 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 42B495C0112 for <tls@ietf.org>; Mon, 28 Sep 2020 18:32:56 -0400 (EDT)
Received: from imap21 ([10.202.2.71]) by compute2.internal (MEProxy); Mon, 28 Sep 2020 18:32:56 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pobox.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=9AjqyFZxHYz3NhksIQuTR/yr4IMCwAH mNz+dM/KLKWk=; b=NK4b5QWIuUMNyR0Eh040DY/3IDRN4md/jgAFwN0WUE0PEKv A1xi4JVVMlYxyi6kMGkNjUZCnvs/Kt4BEyKeug+1C0Yv7XzmGZOBexWulu23NA9d aodi80HZudxUTuaCy/BFa0sDQ0I0UHl5n+325HYB6Ro6PJy7h04ed2XyEIRddB1R Y+TrcPrFc7LRNu3QP5hpyiYZWFoQj7yVrqLmZdk2nuqLgCwP/XmWSS+my41PZfLA wkmkwwcWVwW3dGcRSF/QhFz0xdS9El8a/i3E7R0Qo8ce4NiGwmBlZRNonF94f7kM XS1wjprBZGNbvfJR602hdinQ5RgZbGTf7P8nQxg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=9AjqyF ZxHYz3NhksIQuTR/yr4IMCwAHmNz+dM/KLKWk=; b=UiXTCmiTOmxI+6JjSLXWkf QjwIGHojYA5NBasq1TPxkbwwwrryl9e0ySabC76HcAAJa2Ij36UkpNiTiq+PbnEv E/kue3F4+tY4uGBMPor2wn9DlOAZXrOAlUL0D7Q7W/OyiqVUTxk+ciVTM7cdKs+m 3/DlgQWm4R3OqaJgaytQ2/RGnYa1IcCPBZ8RMal/8pPuIfliy4CunExBWbfvVly4 5rCfseYNv6jcwF9mkJIOlMtZchavXqofFSxvYVRMpHeVXQ2rKs/yThaxFLy0qwPy S7Er8q5EqPL7VK98OA7OdnThse1XjEhdETxYwHwJ8+hvwX6aOBXkxpccVqbnOarg ==
X-ME-Sender: <xms:l2RyX_ZPYpdjleVy8sBja3ALsMCwq4sTP2WVpUYnzANqN1AtWITBKA> <xme:l2RyX-YrcRtgbP6EYjzcHDtnD-ispJ9tlVA5GlZAOPqqZfwM_mUvx-I61Eb87sCes frzlTZ8W148nJjKUQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdejgdduudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdfoihgthhgrvghlucffkdfgrhhrihgtohdfuceomhhikhgv qdhlihhsthesphhosghogidrtghomheqnecuggftrfgrthhtvghrnhepieejueegheelgf ehtddvueetteefuefgffdvkeehteeutdekffejtedtiefggfdtnecuvehluhhsthgvrhfu ihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhikhgvqdhlihhsthesphhosg hogidrtghomh
X-ME-Proxy: <xmx:l2RyXx-tCEBDKH02HK7_-2_iNjJj7u7Q4TOHaSEoHX1RdlCPW0HfdQ> <xmx:l2RyX1r8ss7J7A3bnd5iGr_O9V5tNnf27E0pqHtzGfhcT4NOBShvbA> <xmx:l2RyX6oSKrxv_RmcSsL6AT05SjDTdaqcDqL_I1DenzMRpSpG8-Ro3w> <xmx:mGRyX32DNHh2qpJ5JXVw_Hk1pLnyaZCuO5XSpvFamrc6hhV0vrVtZA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id BC60366006F; Mon, 28 Sep 2020 18:32:47 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-355-g3ece53b-fm-20200922.004-g3ece53b9
Mime-Version: 1.0
Message-Id: <1c7e2f31-8a9e-4bd8-9e80-ab18ebeb609f@www.fastmail.com>
In-Reply-To: <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <0c31f2d6-5f8e-2fd6-9a1a-08b7902dd135@pobox.com> <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com>
Date: Mon, 28 Sep 2020 18:32:26 -0400
From: "Michael D'Errico" <mike-list@pobox.com>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/5VzxAZalYlXBluINkXhiYDLDk2E>
Subject: Re: [TLS] TLS 1.3 Problem?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2020 22:32:59 -0000

On Mon, Sep 28, 2020, at 11:07, Hannes Tschofenig wrote:
> 
> Luckily, we don't have any angry cryptographers in this group.

Were they all pushed away too?

Anyway, back on the topic of stateless HelloRetryRequest, I
don't see how this can work given that the client can make
several modifications to the ClientHello which will invalidate
the hash sent in the "cookie" (even if the client echos it back
as required without modification).

Is stateless HelloRetryRequest even being used?  If so, how?

Mike