Re: [TLS] WGLC for draft-ietf-tls-ticketrequests

Hubert Kario <hkario@redhat.com> Fri, 15 November 2019 13:43 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FD6112086C for <tls@ietfa.amsl.com>; Fri, 15 Nov 2019 05:43:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ySnbl20O3U4j for <tls@ietfa.amsl.com>; Fri, 15 Nov 2019 05:43:26 -0800 (PST)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3851812086E for <tls@ietf.org>; Fri, 15 Nov 2019 05:43:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1573825404; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aSa3CudAgbCS7b/1B2QEEXuT94PwbHWmJj80i4CJmzU=; b=SXPJKyfLnx1WFFhWiB4PR3yJgAqQ/uM/KS/SQSRY+qdXzIVrc/3dncSMIBATr1cXa3VH6L 3s9Fpq9lgCJyzbXkliEeHSzpEC6xR+YChIzMnNP+0LY33ezj3EBwDMekkNhZyhzhTAV8+9 rt+TRl8f/OgmhJ6XQIEqkQZiSOAefF4=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-431-MqFMVz9mNHeMpGtpMWfVaA-1; Fri, 15 Nov 2019 08:43:21 -0500
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6021C1852E22; Fri, 15 Nov 2019 13:43:20 +0000 (UTC)
Received: from localhost (ovpn-200-40.brq.redhat.com [10.40.200.40]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9FBA69302; Fri, 15 Nov 2019 13:43:17 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: tls <tls@ietf.org>
Date: Fri, 15 Nov 2019 14:43:15 +0100
MIME-Version: 1.0
Message-ID: <825db7ba-7b2c-4a4e-ab93-c7792b446463@redhat.com>
In-Reply-To: <CADZyTkmRP-xq5NjH1p914HFX3wpiYRkz3rr5yO99x87Q-N+-hg@mail.gmail.com>
References: <2FB1D8AD-2C22-4A09-B7AF-0EFD6F0DBACA@sn3rd.com> <0469b84c-3009-427a-99ca-e7f6817f0b6c@www.fastmail.com> <CADZyTknhZDi2JD5WRbKEOGDafHjhTkUm6QhOhv1kkA9BT1nekw@mail.gmail.com> <37ff9a64-2749-4558-a675-5b251f06eb3a@www.fastmail.com> <CADZyTkkS-CipB00+JMRrjNZqXhyCTdBhV11oydCNCCeG_M6ORg@mail.gmail.com> <6fc786f3-9fbe-4f8e-92d3-cd9ceb7f3703@redhat.com> <CADZyTkny6jpk=0gg-=yT3C3zY6N88a6t1RKjfKN+bNU6YbLshw@mail.gmail.com> <07d49b6f-e79d-4058-878f-7a57d5b6f241@redhat.com> <CADZyTkmRP-xq5NjH1p914HFX3wpiYRkz3rr5yO99x87Q-N+-hg@mail.gmail.com>
Organization: Red Hat
User-Agent: Trojita/0.7; Qt/5.12.5; xcb; Linux; Fedora release 30 (Thirty)
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-MC-Unique: MqFMVz9mNHeMpGtpMWfVaA-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6IuZWe142uy3yoyZuF5YqK0vdkY>
Subject: Re: [TLS] WGLC for draft-ietf-tls-ticketrequests
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Nov 2019 13:43:30 -0000

On Friday, 15 November 2019 13:00:14 CET, Daniel Migault wrote:
> Hi  Hubert,
>
> On Thu, Nov 14, 2019 at 12:33 PM Hubert Kario <hkario@redhat.com> wrote:
>
>> On Thursday, 14 November 2019 18:18:52 CET, Daniel Migault wrote:
>>> Hi Hubert,

>>> I understand the reasons for SHOULD. At least this should be documented.
>>> To
>>> address your first point, of course the specification applies to the
>>> server
>>> that support the extension.
>> 
>>> Your second concern is solved by limiting the
>>> NTS of KEX.
>> 
>> by "KEX" you mean handshake? but New Session Ticket messages are not sent
>> during handshake, they are sent after handshake is finished
>
> yes. I would consider the NST as part of the handshake even for those sent
> after the post-handshake authentication.

that would make tickets useless for sessions that use PHA

> I agree better terms may be used.
> The rekey aspect seems to me out of the handshake.

rekey also don't impact the keys used for derivation of session ticket
secrets...

>> so how exactly you want to decide when server stopped sending NSTs after
>> handshake finished?
>> 
>
> That the spec does not mention it does not mean this will not be defined.
> Instead it means each implementer will have its own logic, definitions and
> outputs. The same reasoning occurs to the complexity argument,not
> specifying it does not reduce the complexity but let it to the
> implementation with all unexpected corner cases.

my point is that there is no good way to define it, if you want the count 
to be
limited, you need provide a good way to do that

I say that there isn't one, so defining it is futile

>>> The third point is addressed by the minimum of the (count,
>>> server_nbr). Note that I see count as a maximum. Overall I do not think
>>> this would add much complexity.  The only complexity I see is when a
>> server
>>> sends NTS at different time in the KEX.
>> 
>> again, and what if the server misbehaves?
>> 
>
> Again, it would be a bug but the current spec is very permissive, at least
> in my opinion. I do not believe that not specifying the expected behaviors
> will prevent misbehaviors to happen, it, instead simply legitimates them.

a MUST requires strict definition, which we can't provide, a SHOULD is 
already
in the draft

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic