Re: [TLS] dispatching DTLS 1.2 errata

Achim Kraus <achimkraus@gmx.net> Wed, 20 March 2024 06:42 UTC

To: Sean Turner <sean@sn3rd.com>, TLS List <tls@ietf.org>
Cc: Paul Wouters <paul.wouters@aiven.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7yyvvcfJeGi49kWLAmbdlN5waBs>

Hi Sean,
Hi List,

> Errata on obsolete RFCs should be considered according to whether the
> error persists in the obsoleting RFC. ... If it does not, it should be
> Rejected with an explanation that the error is corrected in the
> obsoleting RFC (cited by number).

I'm not sure, but I guess that assumes the error either persists or
is corrected in an obsoleting RFC. But if the obsoleting RFC doesn't
address it because of more fundamental changes, we first need to
decide if such "stale" errors should be corrected or not.

If such stale errors should be corrected, then most of the rejects
are wrong.

About EID 5186:

(p17 is 4.2.1 not 4.2.4)

AFAIK, a stateless implementation of 4.2.1 requires that
the HelloVerifyRequest takes both the record sequence number
and the (handshake) message_seq from the ClientHello. The same
applies to the ServerHello.

best regards
Achim






On 20.03.24 at 05:11, Sean Turner wrote:
> Hi! We’ve got 8 reported errata on DTLS 1.2 (RFC 6347):
> https://www.rfc-editor.org/errata_search.php?rfc=6347&rec_status=15&presentation=records
> that we, the royal we where we is the WG, need to dispatch.  By way of background, the
> IESG has the following statement about processing errata on the IETF stream:
> https://datatracker.ietf.org/doc/statement-iesg-iesg-processing-of-rfc-errata-for-the-ietf-stream-20210507/
> Based on the IESG statement, please let me know by 3 April if you disagree with the following proposed
> resolutions:
>
> 1. https://www.rfc-editor.org/errata/eid3917
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and extensions is added to the ClientHello struct (see s5.3).
>
> 2. https://www.rfc-editor.org/errata/eid4103
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and HelloVerifyRequest is no longer applicable to DTLS 1.3.
>
> 3. https://www.rfc-editor.org/errata/eid5186
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and the section in question was extensively revised; the offending text is removed or no longer applies.
>
> 4. https://www.rfc-editor.org/errata/eid4104
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and the paragraph in question was extensively revised; the offending text is removed.
>
> 5. https://www.rfc-editor.org/errata/eid4105
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and the two sections were merged into one.
>
> 6. https://www.rfc-editor.org/errata/eid4642
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347, the field has been renamed, and the field’s explanation updated.
>
> 7. https://www.rfc-editor.org/errata/eid5903
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and the paragraph in question was extensively revised; the offending text is reworded.
>
> 8. https://www.rfc-editor.org/errata/eid5026
>
> Proposed dispatch: reject
> Rationale: RFC 9147 obsoletes RFC 6347 and the 2119-language for the length is no longer in RFC 9147.
>
> Cheers,
> spt
>
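
The stateless behaviour described in the reply above for EID 5186, as an added example that is not part of the thread or of any DTLS implementation: the server copies the record sequence number and message_seq from the ClientHello into the HelloVerifyRequest instead of keeping its own counters. The function names, the address-only cookie and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

HANDSHAKE, CLIENT_HELLO, HELLO_VERIFY_REQUEST = 22, 1, 3
DTLS_1_0 = b"\xfe\xff"  # version RFC 6347 4.2.1 recommends for HelloVerifyRequest
REC_HDR, HS_HDR = "!B2sH6sH", "!B3sH3s3s"  # 13-byte record, 12-byte handshake header

def u24(n):
    return n.to_bytes(3, "big")

def frame(msg_type, message_seq, record_seq, body, version=DTLS_1_0):
    """Wrap one unfragmented handshake message in an epoch-0 DTLS record."""
    hs = struct.pack(HS_HDR, msg_type, u24(len(body)), message_seq,
                     u24(0), u24(len(body))) + body
    return struct.pack(REC_HDR, HANDSHAKE, version, 0,
                       record_seq.to_bytes(6, "big"), len(hs)) + hs

def parse_client_hello(datagram):
    """Return (record_seq, message_seq) of an unfragmented epoch-0 ClientHello."""
    if len(datagram) < 25:
        raise ValueError("datagram shorter than record + handshake headers")
    ctype, _ver, epoch, seq, rec_len = struct.unpack(REC_HDR, datagram[:13])
    mtype, length, message_seq, frag_off, frag_len = struct.unpack(HS_HDR, datagram[13:25])
    whole = frag_off == u24(0) and frag_len == length
    if (ctype, epoch, mtype) != (HANDSHAKE, 0, CLIENT_HELLO) or not whole:
        raise ValueError("not an unfragmented epoch-0 ClientHello")
    if rec_len != len(datagram) - 13 or int.from_bytes(length, "big") != rec_len - 12:
        raise ValueError("length fields disagree with datagram size")
    return int.from_bytes(seq, "big"), message_seq

def hello_verify_request(datagram, client_addr, secret):
    """Answer a ClientHello without storing any per-client state."""
    record_seq, message_seq = parse_client_hello(datagram)
    # Simplified cookie (assumption): HMAC over the client address only.
    cookie = hmac.new(secret, repr(client_addr).encode(), hashlib.sha256).digest()
    body = DTLS_1_0 + bytes([len(cookie)]) + cookie
    # Both counters are copied from the ClientHello, not taken from server state.
    return frame(HELLO_VERIFY_REQUEST, message_seq, record_seq, body)

# Constructed sample: minimal ClientHello (empty session id and cookie, one suite),
# sent with message_seq 1 in a record numbered 3.
SAMPLE_BODY = b"\xfe\xfd" + bytes(32) + b"\x00\x00" + b"\x00\x02\xc0\x2b" + b"\x01\x00"
SAMPLE_CLIENT_HELLO = frame(CLIENT_HELLO, 1, 3, SAMPLE_BODY, version=b"\xfe\xfd")
SAMPLE_REPLY = hello_verify_request(SAMPLE_CLIENT_HELLO, ("192.0.2.1", 5684),
                                    b"constructed-secret")
```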