IETF Logo Mail Archive

Re: [TLS] Fwd: Clarification on interleaving app data and handshake records

Matt Caswell <frodo@baggins.org> Wed, 14 October 2015 22:44 UTC

Return-Path: <frodo@baggins.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 732191AD0B1 for <tls@ietfa.amsl.com>; Wed, 14 Oct 2015 15:44:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vax9pgGRX-tf for <tls@ietfa.amsl.com>; Wed, 14 Oct 2015 15:44:10 -0700 (PDT)
Received: from ns3.dns-engine.com (ns3.dns-engine.com [87.106.189.53]) by ietfa.amsl.com (Postfix) with ESMTP id A58F21ACEE5 for <tls@ietf.org>; Wed, 14 Oct 2015 15:44:10 -0700 (PDT)
Received: from [10.100.1.6] (unknown [104.238.169.148]) by ns3.dns-engine.com (Postfix) with ESMTPSA id 95374180040A; Wed, 14 Oct 2015 23:43:57 +0100 (BST)
To: Martin Thomson <martin.thomson@gmail.com>, David Benjamin <davidben@chromium.org>
References: <20151014154401.DF1401A2E6@ld9781.wdf.sap.corp> <561EB56B.9050308@baggins.org> <CAF8qwaBZZs-QF98wgJRxWdijHCkM2nj4w7AUZ4tRMaKf6_jFHQ@mail.gmail.com> <CABkgnnWG6aPnwwK5KyJLG4NgsyOKT0=gj2TDPWoeEhejrH4iZw@mail.gmail.com>
From: Matt Caswell <frodo@baggins.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <561EDAAA.3050600@baggins.org>
Date: Wed, 14 Oct 2015 23:43:54 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CABkgnnWG6aPnwwK5KyJLG4NgsyOKT0=gj2TDPWoeEhejrH4iZw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/9LTvkYVUK3ROx0awYKn8VqRWgyU>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2015 22:44:12 -0000


On 14/10/15 21:42, Martin Thomson wrote:
> On 14 October 2015 at 13:29, David Benjamin <davidben@chromium.org> wrote:
>> If you really absolutely must support interleave and can't avoid it, I think
>> it being allowed everywhere except between CCS and Finished is probably the
>> closest you can get to coherent semantics. "Coherent" here is, of course,
>> all relative since renego is involved.
> 
> I think that it needs to be more than that.  I would say:
> 
> 1. You should not interleave data with handshake messages from the same flight.
> 2. You should not report any change to handshake status until the
> renegotiation is complete.  That means no callbacks/events about new
> peer certificates, or anything of that nature until you have received
> and validated the Finished.  You would have to exercise caution here
> for the callbacks that are necessary during the process, like the
> "please choose a certificate and private key to use" callback on
> either side.
> 
> If you can somehow manage to do all of that, then you might be able
> get away with not halting progress entirely.  Because - as far as the
> application is concerned - application data is sent as though it were
> before the renegotiation.  In essence, you are keeping the application
> ignorant of any changes until the whole process is over.
> 
> I've heard it recommended that you add other stipulations, such as

That would be very challenging to implement. Almost certainly not
possible for the stable released versions. I would hesitate to do so for
the new development version too without explicit published advice in the
form of an RFC/errata...it would add significant complexity.

It seems my options in reality are:

1) Allow interleaved data everywhere except between CCS and Finished, as
per the (hopelessly unclear) RFC. This would leave us conformant, would
solve our interoperability problems, but is a "highly dangerous idea"
according to your advice.

or

2) Leave things as they are now where we abort on interleaved
application data. This would leave us unconformant and with an
interoperability problem which is causing real issues for users (who
will point the finger at us for failing to fix it).

"Rock" meet "hard place". :-(

Matt

v2.23.0 | Report a Bug | By Email