IETF Logo Mail Archive

Re: [TLS] Simplifying the record protocol

Tom Ritter <tom@ritter.vg> Wed, 11 June 2014 14:47 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92CE71A0127 for <tls@ietfa.amsl.com>; Wed, 11 Jun 2014 07:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.378
X-Spam-Level:
X-Spam-Status: No, score=-1.378 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fCAVYqJZ6pHD for <tls@ietfa.amsl.com>; Wed, 11 Jun 2014 07:47:14 -0700 (PDT)
Received: from mail-ve0-x234.google.com (mail-ve0-x234.google.com [IPv6:2607:f8b0:400c:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B01F1A00FA for <tls@ietf.org>; Wed, 11 Jun 2014 07:47:14 -0700 (PDT)
Received: by mail-ve0-f180.google.com with SMTP id jw12so8302972veb.11 for <tls@ietf.org>; Wed, 11 Jun 2014 07:47:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=GrrPxRodnS4LOFMENzi9DLsullVjeIaAHURG2eLRZkM=; b=wBBMi60LK2vGBRGqeEMq+lOgQqu7qtQbSoNHzc3NKgJOX89Y86vNaTRnDInSO9ea/r qZwaJGTwmem+DCp/Ru6m96UZ8hblZ2sbSUmyqWjX4H+jbDz0DLkjf0GYvlTb9TRK816Z LozjDK2NpgoPwc5s2J5rExUSUz4T1qQXx8hFI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=GrrPxRodnS4LOFMENzi9DLsullVjeIaAHURG2eLRZkM=; b=FU2mcVgdFTo8Qk5gai+j1SNfT4toMjq1kMRmWXRresMp012sxMhiccX9Ec2Km9NScG 3+OSdiPjyah3WdpRAcof679uXZav3izOgLhvav9Eip0cZva4vOjzTtisGCmSrkWY9wdc 9uQupxNhG1heT6P9kWcNlNtXZ5k1YUzaWNZPzu5lB0bFbBGDnyP3eeMkYpE5tLIDkWg2 /ImkRgZaVZI0tw4QYR3sn5TeBhVnVZLiJrLEa9tOT5DM4CYRykWYZ6UMrIn6qUVcQSwF wcsSbDvaunfjT6p5BeXjmM6778rEzAElKmlPyKAto5TCAOhOgCZaoo0R6nhSZGv3Xn6r RuRA==
X-Gm-Message-State: ALoCoQn1XBWEckLQOx2ia6CAf7oWSkEoWNfGhwB3ysNos91P2z2wCYLjWDksZBl4ENLHviCul9XD
X-Received: by 10.52.5.129 with SMTP id s1mr3562369vds.31.1402498033257; Wed, 11 Jun 2014 07:47:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.58.106.39 with HTTP; Wed, 11 Jun 2014 07:46:53 -0700 (PDT)
In-Reply-To: <1402472681.2305.2.camel@dhcp-2-127.brq.redhat.com>
References: <537A5429.4030002@amacapital.net> <CAL9PXLx-wJ6-LMm9mFtr_tGA+L+5WVKU-et=qfUv=W6d-eYGKQ@mail.gmail.com> <CABkgnnU7PVoVhc_OWD7G4qazL8kpTNbuEH0nEOFtLJrobkt-OQ@mail.gmail.com> <CA+cU71mE8-Bo2A0ufn3H4S+L0ZAmNaLB-q0VwCgVr=eSGSfWpQ@mail.gmail.com> <1402472681.2305.2.camel@dhcp-2-127.brq.redhat.com>
From: Tom Ritter <tom@ritter.vg>
Date: Wed, 11 Jun 2014 10:46:53 -0400
Message-ID: <CA+cU71k9AbCR6mDNa2sq+Kz8WhHhUD90+MTPT4uBL9VoCGTGuw@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: multipart/alternative; boundary="20cf302efab01227ff04fb90851d"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/9gJT4xy1DEXrj2xlmyFtMCeU2HE
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Simplifying the record protocol
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2014 14:47:15 -0000

On 11 June 2014 03:44, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:

> On Tue, 2014-06-10 at 22:56 -0400, Tom Ritter wrote:
>
> > An advantage of encrypting the content type is making it possible for
> > TLS padding to be built-in for no additional bytes.
>
> TLS padding can be built-in for no additional bytes and for no change in
> outside format of the TLS record:
> http://tools.ietf.org/html/draft-pironti-tls-length-hiding-02
>
>
I would strongly prefer padding not to require an extension and be built
in. While some extensions could be protected in an encrypted handshake (See
Type B extensions in [0]), this would require a significant change to
extensions and I'm not banking on it.  So assuming that extensions are in
the clear, I would prefer an observer be unsure if there is padding or not.

This is especially important because a large class of attacks we want to
defend against are passive attacks, where the observer has only a single
traffic stream and wants to try correlation, and is unable to induce
multiple sends or streams with which to try statistical or timing
correlation.

(Re-reading the draft and minutes[1]) I believe that the padding in this
draft, if we remove the extension, would add an additional two bytes to all
messages to be unambiguous and indicate if there is padding or not. If I'm
wrong about that, I don't think I'm the only one so I'd be happy to be
corrected.

My goal is to get padding support (for receiving, not necessarily sending)
built in to the protocol, with no additional on-wire bytes for people who
don't want to pad, and with no plaintext indicators of whether padding is
being done or not.

-tom


[0]
http://www.ietf.org/proceedings/interim/2014/05/15/tls/slides/slides-interim-2014-tls-1-4.pdf
[1]
http://www.ietf.org/proceedings/interim/2014/05/15/tls/minutes/minutes-interim-2014-tls-1
around "Padding issues "

v2.23.0 | Report a Bug | By Email