IETF Logo Mail Archive

Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)

Yoav Nir <ynir@checkpoint.com> Wed, 11 December 2013 15:16 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C7281AD75F for <tls@ietfa.amsl.com>; Wed, 11 Dec 2013 07:16:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.902
X-Spam-Level:
X-Spam-Status: No, score=-6.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5PjrBeHYXiQ6 for <tls@ietfa.amsl.com>; Wed, 11 Dec 2013 07:16:40 -0800 (PST)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 9F1B31AC421 for <tls@ietf.org>; Wed, 11 Dec 2013 07:16:39 -0800 (PST)
Received: from DAG-EX10.ad.checkpoint.com ([194.29.34.150]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id rBBFGU9D012429; Wed, 11 Dec 2013 17:16:30 +0200
X-CheckPoint: {52A87E43-3-1B221DC2-1FFFF}
Received: from IL-EX10.ad.checkpoint.com ([169.254.2.146]) by DAG-EX10.ad.checkpoint.com ([169.254.3.213]) with mapi id 14.03.0123.003; Wed, 11 Dec 2013 17:16:30 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF TLS Working Group <tls@ietf.org>
Thread-Topic: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)
Thread-Index: AQHO9PKwvFEdHESyEEm0ZUd+bMkQKppNxnIAgAAZ0wCAABfOAIABARgAgAAiFBA=
Date: Wed, 11 Dec 2013 15:16:29 +0000
Message-ID: <4613980CFC78314ABFD7F85CC302772121B21CE3@IL-EX10.ad.checkpoint.com>
References: <CAFewVt7SS9ud8J=6VtR-Zv-9bhaTHEnjT8XD+ULaRSVUkYftaQ@mail.gmail.com> <52A77DB4.7020501@gmx.net> <52A7935E.5020906@cs.tcd.ie> <87ob4o1dbd.fsf@alice.fifthhorseman.net> <52A87F00.7000304@cs.tcd.ie>
In-Reply-To: <52A87F00.7000304@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [91.90.139.27]
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] A new consensus call on ALPN vs NPN (was ALPN concerns)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2013 15:16:41 -0000

I think it's possible to get all the extension hiding we want in TLS 1.3, even while keeping BC with TLS 1.0 servers:

1. Client sends ClientHello without the problem extensions (ALPN, SNI). The record version is 3.1 (TLS 1.0), while the supported version is 3.4 (TLS 1.3). 

2a. The server replies with TLS 1.3, and everything works as planned. The end.

2b. The server replies with TLS 1.0, and some certificate. The certificate may or may not fit the site. Makes no difference for now.
3b. The client completes the exchange, and immediately begins a renegotiation
4b. In this renegotiation, the versions offered are just TLS 1.0 to TLS 1.2, and all extensions are present (though encrypted).
5b. The renegotiation completes at TLS 1.0 with all extensions.

This solves the issue of hiding extension. If TLS 1.3 is not supported by the server, it means an extra handshake with all associated costs. It may be possible, if the server presented the correct certificate to have session resumption with the renegotiation, although that is usually not recommended.

Yoav

v2.23.0 | Report a Bug | By Email