Re: [TLS] Encrypt content type (#51) + Remove TLSCiphertext.version (#144)

Eric Rescorla <ekr@rtfm.com> Sun, 17 May 2015 03:26 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41D2B1A1C02 for <tls@ietfa.amsl.com>; Sat, 16 May 2015 20:26:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yewqtzlMw_D7 for <tls@ietfa.amsl.com>; Sat, 16 May 2015 20:26:56 -0700 (PDT)
Received: from mail-wi0-f173.google.com (mail-wi0-f173.google.com [209.85.212.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6493F1A1BFE for <tls@ietf.org>; Sat, 16 May 2015 20:26:56 -0700 (PDT)
Received: by wizk4 with SMTP id k4so37952608wiz.1 for <tls@ietf.org>; Sat, 16 May 2015 20:26:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ZFs7DeJrlNcqzJjo9RcJBBB5xBiVXcp9OvkHLu4LF4c=; b=bKxbK1XbMdN6af9OjqduEFgzd57N870i3z04TJSI5ilmx6lJyrWTdzUwnPgIQOVN9u ujsKmn1WW9nwkTBzGMHWeK+vcGrvU4U6ROAEygHSQYgEoZwI+mxNIHGTklc3olxZkJy0 9H+XVxTCL3HOiD2+s8Pm/3RlLkE3jQUqeUAx+LtAhKfNRqCpfrfgpszpnyMoYQMdkJhn 3x3L+eRQYUitDTPJwV5wBE95Q9IUfeWwnup/UAi5ug5ERa5xOTVIDTLV69Px4oOaRwYB R6zWd2tHGaRCK2fN83Tg3H5YnvJw5GI1ljBItIJ3j0EYAMyOYIsputvtiZ1OctEK1+9T ownw==
X-Gm-Message-State: ALoCoQkmaKAwMs9BdYT5mBljCpheuYcc6q8Mz39YL0fXgE5g7p9HAJjM/+ttYcJr3FUKxvazrinx
X-Received: by 10.194.133.73 with SMTP id pa9mr10865930wjb.148.1431833215175; Sat, 16 May 2015 20:26:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.205.87 with HTTP; Sat, 16 May 2015 20:26:14 -0700 (PDT)
In-Reply-To: <201505162104.28920.davemgarrett@gmail.com>
References: <201505161954.52817.davemgarrett@gmail.com> <CABcZeBN1n_9v4OEp51GniQY8dNkiZMS1wxc9odEKmCLUkCWx7A@mail.gmail.com> <201505162104.28920.davemgarrett@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 16 May 2015 20:26:14 -0700
Message-ID: <CABcZeBNxc1smFyoyWkyOuah1G_5Mi-shNKbBR_iAumqmeAxuMg@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: multipart/alternative; boundary=089e011771a92b216405163ea601
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/6B3vubDNti3TLjno2WGBoLANupM>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Encrypt content type (#51) + Remove TLSCiphertext.version (#144)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 May 2015 03:26:58 -0000

The issue is that there are believed to be middleboxes which depend on the
length being
in the right place.

-Ekr


On Sat, May 16, 2015 at 6:04 PM, Dave Garrett <davemgarrett@gmail.com>
wrote:

> On Saturday, May 16, 2015 08:23:19 pm Eric Rescorla wrote:
> > On Sat, May 16, 2015 at 4:54 PM, Dave Garrett <davemgarrett@gmail.com>
> > wrote:
> > > Is there enough agreement on list for consensus on:
> > > https://github.com/tlswg/tls13-spec/pull/51/files
> > > &
> > > https://github.com/tlswg/tls13-spec/issues/144
> > > ?
> > >
> > > This would get us to the point of no AD for AEAD, as noted by Martin
> > > Thomson.
> > > https://www.ietf.org/mail-archive/web/tls/current/msg15490.html
> >
> > No. I believe that the present consensus is to retain the existing
> version
> > bytes in place but just leave them fixed.
>
> To be clear, the proposal would be to drop TLSCiphertext.version, but NOT
> TLSPlaintext.version. The latter needs to stay in place for compatibility,
> but the former is after version negotiation and provides no useful info.
> Just a
> waste of 2 bytes for every record at that point. The version number is
> currently in the context string for the certificate verification
> signatures, and
> Martin suggested mixing it into the PRF/HKDF info string to make the keying
> material dependent on the version number. (see quoted mailing list URL)
>
>
> Dave
>