IETF Logo Mail Archive

Re: [TLS] A flags extension

"Martin Thomson" <mt@lowentropy.net> Fri, 29 March 2019 19:30 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B08261202CB for <tls@ietfa.amsl.com>; Fri, 29 Mar 2019 12:30:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=osS9unUE; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Fm4EbS7J
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJj1pvRBkGsb for <tls@ietfa.amsl.com>; Fri, 29 Mar 2019 12:30:43 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C68DC120297 for <tls@ietf.org>; Fri, 29 Mar 2019 12:30:43 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id D5A6521F2A for <tls@ietf.org>; Fri, 29 Mar 2019 15:30:42 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Fri, 29 Mar 2019 15:30:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=BSbm/vuxcm5SRYpehiQ/iettvZN6a3p ylc3cHd9K73w=; b=osS9unUE/qn6C78kz1VX2dx85DosUkMDdTxfHp0WF5IrUj5 athql+YXxMezlPX4D8NzWTs5kCliKnJTrv6JYITWpIz/NLuiiORVKPxV27RnudF2 x/+ccAHjOBhCJ09c6OBbMuhZk6NEn6ihGjpk8fmK1aY3YMMGxQttZ21r6zgp6E7q g03Q5tZJ6T6ATNRborHd1z3ya1/XZ31kLpnW3FzmtPPj6y6uX3V01t4DWYy8Xjpw UwXIdlSasjnOqVXLGt6MgHIgHPjCH2tJUYnFCe0uUsQeoM26EcRhauRy+MBKJkMO dHsKZmJo+Y7G5Krou6/ByTyJS+sKq8LglpLSgyQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=BSbm/v uxcm5SRYpehiQ/iettvZN6a3pylc3cHd9K73w=; b=Fm4EbS7JuvGwvlY/5ZDOlm eRzGEE4AaoDeiWdYk7UZoHgM/BrdAcA4h/6byaOxrCx+Rl6q5w7mvHiQUmLEeeiS fS/YQuwY61jfjIyvza2r9sAfrlM8x5FeUJ0ggRADBS6u5/p2v4ckB76Je5gHXvzX kA69iSauWU57uSSgNeiSOxpACan45XYC/ZdLTtfiIdhZSUJDaboBuX2ep8GIn3as 4HHzY/LCVQAtoR1lwoQ3M5rylU9xbZ+bZ/Y++V70bPZMjzOoa6JyAxgWIDHn0UXU 1C72JtzB123Y1lyGf3ygZaKhj8qqqeyvilYIc9FlOKfPyR2pRSGEDyLHJjY8I3qg ==
X-ME-Sender: <xms:YnKeXJfWHpelU51afgoDtr2n-ZXzNP5XiPhN56EkTXhOCLAxOp3cBQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrkeejgdellecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuffhomhgrihhnpehivghtfhdrohhrghenucfrrghrrg hmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvthenucevlhhushht vghrufhiiigvpedt
X-ME-Proxy: <xmx:YnKeXBivzmSMi1IGi9KQRC_Gthc_fHD_kh3aT7M_3Bqvc5iUPYC-RA> <xmx:YnKeXKANAxoF2sJ8Xzusvn6jcQddZtGLX4zW8q5JdyEdaMirX_ULEQ> <xmx:YnKeXBvCuvTbrmXdCqskS6JbaGMatrkCQG0hlrvSJqQ7m-pICETl9g> <xmx:YnKeXP9b_gkSegCVbTfICq0lKmBeLtuedpkIHOefT8w363XlEX7dHQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 6BA3C7C539; Fri, 29 Mar 2019 15:30:42 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-329-gf4aae99-fmstable-20190329v1
Mime-Version: 1.0
X-Me-Personality: 92534000
Message-Id: <6b114845-b819-4eec-94cd-17c1dd88d092@www.fastmail.com>
In-Reply-To: <FA7952BB-8BB9-498E-9C7B-E4CF7DB2DB25@ericsson.com>
References: <FA7952BB-8BB9-498E-9C7B-E4CF7DB2DB25@ericsson.com>
Date: Fri, 29 Mar 2019 15:30:40 -0400
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9wxZU1MQ0H7zX8vpACKx33Rs8zI>
Subject: Re: [TLS] A flags extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2019 19:30:46 -0000

In addition to this, the document would seem to allow a server to set bit k if the client did not set that bit. (Or more generally, the responder can set bits the initiator did not set. )

In fitting with the TLS model, I would recommend allowing a responder to set only bits that the initiator sets. Other bits being set would be an error. 

On Fri, Mar 29, 2019, at 19:59, John Mattsson wrote:
> Hi,
> 
> The document only talks about use in ClientHello, ServerHello, and 
> EncryptedExtensions. I think it should also discuss usage in 
> CertificateRequest, Certificate from the server, and Certificate from 
> the client. It should likely be left to the document that specifies a 
> specific feature to determine where it can be used. 
> draft-thomson-tls-sic-00 uses the tls_flags extension in 
> CertificateRequest.
> 
> Cheers,
> John
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email