Re: [TLS] Proposed text for removing renegotiation
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 17 June 2014 20:56 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEF5F1A0168 for <tls@ietfa.amsl.com>; Tue, 17 Jun 2014 13:56:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QikXsDfsDgAV for <tls@ietfa.amsl.com>; Tue, 17 Jun 2014 13:56:49 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 78E221A0154 for <tls@ietf.org>; Tue, 17 Jun 2014 13:56:49 -0700 (PDT)
Received: from [10.70.10.68] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id E6FDDF984; Tue, 17 Jun 2014 16:56:43 -0400 (EDT)
Message-ID: <53A0AB7E.4050706@fifthhorseman.net>
Date: Tue, 17 Jun 2014 16:56:30 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Icedove/30.0
MIME-Version: 1.0
To: Nikos Mavrogiannopoulos <nmav@redhat.com>, Watson Ladd <watsonbladd@gmail.com>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <1402388399.2369.5.camel@dhcp-2-127.brq.redhat.com> <CACsn0cm5OzzjOh5nSXcu-cx+ZYFeJiJ5eGvgwjsWPUeX4ozz2g@mail.gmail.com> <1402476304.2305.8.camel@dhcp-2-127.brq.redhat.com> <CACsn0cmM4KpMgwXo0iTygsQ+En6N3J46jPY-Q3hfwzqG431M1w@mail.gmail.com> <1402648977.6191.36.camel@dhcp-2-127.brq.redhat.com> <CACsn0ck6OxPm8BwuNeAn+wpayaefkAzZtiyjkaQ1sB_4hp0C_Q@mail.gmail.com> <1402990596.2335.18.camel@dhcp-2-127.brq.redhat.com>
In-Reply-To: <1402990596.2335.18.camel@dhcp-2-127.brq.redhat.com>
X-Enigmail-Version: 1.6+git0.20140323
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="76GctuBcn9eD0q0UO5LDmT2f6SSjmiaF7"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/6FeNZB8MtUt5noo686zfweDIPZE
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 20:56:52 -0000
On 06/17/2014 03:36 AM, Nikos Mavrogiannopoulos wrote: > On Fri, 2014-06-13 at 08:34 -0300, Watson Ladd wrote: > >> The issue is the following: most applications do something like this >> parse_request(conn) >> check_if_request_authorized(conn) >> >> This assumes that the authentication state doesn't change in between >> the two lines, or midway through the parse. >> With renegotiation it can. > > Indeed, but this is an easily unsolvable issue. Do you mean "easily solvable" here? > That can be easily > avoided on the implementation side (and gnutls is does not allow that). > I have numerous times asked to clarify and better specify this part on > the past. Do you have a suggestion for how we could clarify and better specify this part? Maybe it's worth crafting that into a counterproposal that could be weighed against the current "remove renegotiation" proposal. I realize that we frequently claim we "don't do API" here, and the issue of how well application developers actually deal with connection property changes comes close to the API of any given TLS implementation. But I suspect most application developers who use TLS don't understand that the authentication state or cryptographic protections of the connection may change mid-stream. Of the minority that does understand that this state may change, i suspect that many of them don't actually handle the situation well (if at all). if we want to avoid this on the implementation side, do we need more guidance to implementers of TLS stacks? or guidance for application-layer users of those stacks? or both? --dkg
- [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andy Lutomirski
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Brian Smith
- Re: [TLS] Proposed text for removing renegotiation Geoffrey Keating
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation Brian Sniffen
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Hubert Kario
- Re: [TLS] Proposed text for removing renegotiation James Cloos
- Re: [TLS] Proposed text for removing renegotiation Martin Rex
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Andrei Popov
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Eric Rescorla
- Re: [TLS] Proposed text for removing renegotiation Paul Hoffman
- Re: [TLS] Proposed text for removing renegotiation Yoav Nir
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation David Holmes
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Watson Ladd
- Re: [TLS] Proposed text for removing renegotiation Steve Checkoway
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Salz, Rich
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Daniel Kahn Gillmor
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Kemp, David P.
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation Nikos Mavrogiannopoulos
- Re: [TLS] Proposed text for removing renegotiation Martin Thomson
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net
- Re: [TLS] Proposed text for removing renegotiation henry.story@bblfish.net