IETF Logo Mail Archive

Re: [TLS] Extensions "supported_groups" and "key_share" in TLS 1.3

Eric Rescorla <ekr@rtfm.com> Fri, 27 November 2015 01:13 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E8861B3008 for <tls@ietfa.amsl.com>; Thu, 26 Nov 2015 17:13:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grpZV5lxo5DR for <tls@ietfa.amsl.com>; Thu, 26 Nov 2015 17:13:04 -0800 (PST)
Received: from mail-yk0-x22d.google.com (mail-yk0-x22d.google.com [IPv6:2607:f8b0:4002:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3F461B3004 for <tls@ietf.org>; Thu, 26 Nov 2015 17:13:03 -0800 (PST)
Received: by ykdv3 with SMTP id v3so104145388ykd.0 for <tls@ietf.org>; Thu, 26 Nov 2015 17:13:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=YE+E/UOBYaYKHTfWVjC3zPnGE799qjvhhrfwmC8UTig=; b=nZuAutBZI98txikOJJUEYvx6DIpHljOQVtHRuJkKFeGXNDTMQfepoBoKcAAPJKXyzW iQa1M7eIrUkLaT1UQ1oq1NMlKrYrf1Yk79oiAI4EzoOxGOxtN59n6k+ESvt7A+PDw4qh RSN4++1GmThoyx09FWpPneDJfsL4NRqMZB7HMw+yBBSuDsTPI7IvgaArxD3LBGpXs+Qs LHxtWED9Jb1UpYuitkHHyrTvQbQ/+lPB2f8l14znESPXHcmzEFxYD2d4qNsP68dP19v9 jWrxbfmLKCCChibscITqD+S2hkKVnoOUR3AkORbflRD5TVqOSJNLOu9GjccemNJjDyja wUAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=YE+E/UOBYaYKHTfWVjC3zPnGE799qjvhhrfwmC8UTig=; b=TsnDRaVKuCEVvlyq4gWlN8ZelCvomoPl/t9EHUiBSBpVVethyz8QeQUGeBNlWs8s7r +oyWWgHaBrpBZ4y9TlHUrv24WJqGgpI/SouPti0cncvps4pReYbYPRlPuhd7sJ9iiKYe B63To+h5Jz2+6e+9ZH+XPH4gKY8buLkGVxBszyN6JnvamkSZpNajT8h2SLOGBBuPMUqc bOlGA/IMp7X92cn9vk5O7Ex2bqDNi1Ug/2XDucwnVg6fji63A8ib0+hv/fk5Xt5RAO6V EBKbXlAH93s2g9UaVDmMib8Q+sjkGR7tUzORaRtlBeCQsDv4D65MCywTsCtw+tcKuS0J VmYg==
X-Gm-Message-State: ALoCoQn1IMSfzPplbITqdd23V5l+RfVQxDcyjhE5rnf9iJ3PdvizUBWU40jMFFZZ5dsyKTNL+Jkn
X-Received: by 10.13.212.211 with SMTP id w202mr9206714ywd.192.1448586782969; Thu, 26 Nov 2015 17:13:02 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.197 with HTTP; Thu, 26 Nov 2015 17:12:23 -0800 (PST)
In-Reply-To: <CAAgBOhuYWSi7Xt-PJXU4=b_oDiw0O4t44BYeBNeGEdTtJUA6hQ@mail.gmail.com>
References: <CAAgBOhuOPB=jxO=WWHmy_y7ARY5qfdK2x4xC9t-Z-vn0UU5Paw@mail.gmail.com> <201511261750.11459.davemgarrett@gmail.com> <CABcZeBM6Yw0KujF6sPZzYn20JX4LvMF4Mb=D5H2JZapDuBNYrw@mail.gmail.com> <201511261836.54580.davemgarrett@gmail.com> <CABcZeBPZmdYo7Fks8w9tWOA84QpzEeTdnN42DYqJF+g=btZ5ug@mail.gmail.com> <CAAgBOhuYWSi7Xt-PJXU4=b_oDiw0O4t44BYeBNeGEdTtJUA6hQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 26 Nov 2015 17:12:23 -0800
Message-ID: <CABcZeBP8XEZXO3YOQTdzFSiPGyDC0kc2BEEeWAVarBS502W-yQ@mail.gmail.com>
To: Xuelei Fan <xuelei.fan@vimino.com>
Content-Type: multipart/alternative; boundary="001a114fbe98a0488305257b643f"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/8X1AdoktwC1jdQLV47G3tTwP4EE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Extensions "supported_groups" and "key_share" in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Nov 2015 01:13:05 -0000

On Thu, Nov 26, 2015 at 4:59 PM, Xuelei Fan <xuelei.fan@vimino.com> wrote:

> If empty key_share vector is used to indicate to request a server choice,
>

That's not what it means. It means "I have no idea what your preferences
are, so tell
me which of the groups I support you prefer". Thus, you still need
supported_groups
to indicate the groups you support.

-Ekr



I think it is not necessary to have  "supported_groups" extension as
> mandatory any more.  key_share extension can be used for the supported
> named groups.   "supported_groups" extension can be used for backward
> compatibility (if TLS 1.2 fade out in the future, need no "supported_groups"
> extension any more).
>
> Or, if both are needed as mandatory, may be better to separate functions
> that "supported_groups" extension defines the supported named groups and
> preference, and key_share defines the shares only (no supported groups, no
> preference, the groups must be defined in  "supported_groups" extension).
>



> Xuelei
>
> On Fri, Nov 27, 2015 at 7:47 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>>
>> On Thu, Nov 26, 2015 at 3:36 PM, Dave Garrett <davemgarrett@gmail.com>
>> wrote:
>>
>>> On Thursday, November 26, 2015 06:02:09 pm Eric Rescorla wrote:
>>> > On Thu, Nov 26, 2015 at 2:50 PM, Dave Garrett <davemgarrett@gmail.com>
>>> > wrote:
>>> > > On Thursday, November 26, 2015 02:15:25 pm Ilari Liusvaara wrote:
>>> > > > I actually looked at the Editors's Copy. The description is a
>>> mess: It
>>> > > > seemingly first requires key_share extension, even for the first
>>> > > > ClientHello... Now, that extension can't be empty... And then
>>> proceeds
>>> > > > to say to omit it if client has no shares to send... Which looks
>>> like
>>> > > > it is mutually contradictionary.
>>> > >
>>> > > We went back and forth on whether to omit or require an empty
>>> extension.
>>> > > It looks like we have a mix of the two left in there that need
>>> fixing. (I
>>> > > think something got merged weird) Thanks for pointing this out.
>>> > >
>>> > > I think it might be easier if we just required the extension for all
>>> cases
>>> > > where (EC)DHE suites are offered, and have it empty to request a
>>> server
>>> > > choice, instead of an omitted extension.
>>> >
>>> > Yes, we should either have that or have empty be forbidden. It's a
>>> matter of taste
>>> > but on balance, let's go with "empty". If you want to submit a PR that
>>> cleans
>>> > this up, I'll merge that.
>>>
>>> ->  https://github.com/tlswg/tls13-spec/pull/349
>>>
>>> There's one last decision, though: does "empty" mean empty client_shares
>>> vector or empty "extension_data" to save 2 bytes? I think it's cleaner to
>>> just keep the same extension structure for all cases and have an empty
>>> shares vector, which is what I have in the current PR.
>>
>>
>> Empty vector seems dominant.
>>
>> -Ekr
>>
>>
>>>
>>> Dave
>>>
>>
>>
>

v2.23.0 | Report a Bug | By Email