Re: [TLS] Proposed changes to draft-ietf-tls-rfc4366-bis
Martin Rex <mrex@sap.com> Mon, 17 May 2010 13:26 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 24E193A6BCF for <tls@core3.amsl.com>; Mon, 17 May 2010 06:26:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.737
X-Spam-Level:
X-Spam-Status: No, score=-7.737 tagged_above=-999 required=5 tests=[AWL=-0.088, BAYES_50=0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F6iZ+X8BYMGG for <tls@core3.amsl.com>; Mon, 17 May 2010 06:26:17 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 630D93A6C9C for <tls@ietf.org>; Mon, 17 May 2010 06:22:00 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id o4HDLho7023914 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 May 2010 15:21:43 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201005171321.o4HDLgmX018711@fs4113.wdf.sap.corp>
To: jsalowey@cisco.com
Date: Mon, 17 May 2010 15:21:42 +0200
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50A67C235@xmb-sjc-225.amer.cisco.com> from "Joseph Salowey" at May 16, 10 09:43:08 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal08
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Proposed changes to draft-ietf-tls-rfc4366-bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2010 13:26:18 -0000
Joseph Salowey wrote: > > This clarification is consistent with existing text in the draft and in > RFC 4366. The way it is written appears somewhat misleading, and the resulting change to 4366 indicates that we need to come up with a better description. > > " Note also that all the extensions defined in this section are > relevant only when a session is initiated. ... > > - If, on the other hand, the older session is resumed, then the > server MUST ignore the extensions and send a server hello > containing none of the extension types. In this case, the > functionality of these extensions negotiated during the original > session initiation is applied to the resumed session." > > Michael D'Errico wrote: > > > > Add to section 3 before the last paragraph to clarify session > > resumption behavior: > > > > "When the server resumes a session, the server_name extension > > is ignored." > > > > I have not yet done it, but I plan to have my session resumption > > logic look at the SNI to see if it matches the name used for the > > cached session. If they don't match, a full handshake will be > > completed. We already have to verify that TLS version, cipher > > suite, and compression method are compatible with the hello > > parameters. I don't see why the SNI is any less important. Your intended behaviour sounds perfectly fine and sensible. > > > Does the above text suggest that my plan would be non-compliant? No. Your intention is to determine whether a suitable cached session exist for resumption. Once you have determined that, you resume without SNI affecting the characteristics of the resumed session. But your confusion suggests that this should probably be rephrased in order clarify what is meant. There are two entirely seperate issues that ought to be distinguished. (1) criteria which the server considers in his decision whether to resume a TLS session from the cache by performing an abbreviated TLS handshake for the TLS session ID proposed by the TLS client in the ClientHello handshake message. (2) effects of parameters in ClientHello (regular or through extensions) on the characteristics of the established TLS session. What Joe an the new text says is only about (2). When the server decides to resumt a TLS session from cache, then it must be resumed as-is, none of the parameters or extensions in the ClientHello is allowed to modify the characteristics of the resumed TLS session. (1) is a totally different beast. Whether or not the server resumes a TLS session proposed by the TLS client is completely at the discretion of the server. IMHO, it makes perfect sense for the server to check whether the attributes that the client requests through all those parameters in regular ClientHello plus TLS extension actually match the characteristics of proposed cached session, and to go through a full TLS handshake if they don't. A server can also expire a session from his session cache whenever it sees a need to do so. In some implementations, the TLS session cache may be shared among several processes on a host, not just a single application that tries to offer virtual hosting with TLS through the server name indication (SNI) TLS extension. That correct client implementations shouldn't be proposing to resume TLS sessions across "virtual hosts" boundaries is not relevant for the server's decision. The server should not try to make any assumptions on client desire or behaviour, but instead act deterministically based on the parameters in the supplied ClientHello handshake message. -Martin
- [TLS] Proposed changes to draft-ietf-tls-rfc4366-… Joseph Salowey (jsalowey)
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Pasi.Eronen
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Donald Eastlake
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Michael D'Errico
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Marsh Ray
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Joseph Salowey (jsalowey)
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Michael D'Errico
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Martin Rex
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Joseph Salowey (jsalowey)
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Michael D'Errico
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Joseph Salowey (jsalowey)
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Martin Rex
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Michael D'Errico
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Joseph Salowey (jsalowey)
- Re: [TLS] Proposed changes to draft-ietf-tls-rfc4… Michael D'Errico