Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt
David Benjamin <davidben@chromium.org> Tue, 22 February 2022 21:23 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7073A07C1 for <tls@ietfa.amsl.com>; Tue, 22 Feb 2022 13:23:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.824
X-Spam-Level:
X-Spam-Status: No, score=-9.824 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ncGo4tVmEPmv for <tls@ietfa.amsl.com>; Tue, 22 Feb 2022 13:23:18 -0800 (PST)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA80A3A06E7 for <tls@ietf.org>; Tue, 22 Feb 2022 13:23:18 -0800 (PST)
Received: by mail-pl1-x632.google.com with SMTP id bd1so870215plb.13 for <tls@ietf.org>; Tue, 22 Feb 2022 13:23:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=x0WSbcR9VtKfaUlWdyiGo2Pxsl03cn6x2jACCk26c78=; b=ghMz+/uYTySvKEt+1bXCKp6QyThgqxW/+QB/xF+f2FyrznV8wKYauoYHsMKYCZr6NW YEzEY32R50MYDByqsMgFPYUTl5/a4ZCRiXbSSEbULxXfVKWj4wu6q1sU8Qq7sFFzVM+V VbBNMj84AGYIxoHYsn2f1oDYdhksIxBQ+S4Ck=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=x0WSbcR9VtKfaUlWdyiGo2Pxsl03cn6x2jACCk26c78=; b=4k4YjIyNBE8+S3vEDeiw9UJLxd1XlMD8yYWFrqKHZS4SUx9HBm3TL+tksk88nMTxtM FQ4+1rk6WxrJ8eNsEJ16hZBzBQk//PfozEVFnJoXERXolCMLBd7NMPKMfxenZvDB2B1f VUpY6dyeWHcQEupk9Fd8a3kc0g+a7NnXfQfFRHC125w9eRKKJsDhNy61VL/hISHNsZb6 w4WHPtInf4L0WA7Q761Id9XLhx6vWLNfvq1f4xKfg8e7jTCyIZzT9U5F/jmXb0mhm4f6 IFudtqtH+l4N/IZ18SDaCE5J4MUesEgRz345Hx6tpHqaoKFA29fyJ3b+RoS/PZPE/pYK 3X6A==
X-Gm-Message-State: AOAM531FM+NwJMBpkAasKt0oxrgplFqkIu0yI9Ey16oIL+Gtx405D/QD 2hIwqWjueJXh2h3L8Y884lJIDmFZh/98puHVDuFi
X-Google-Smtp-Source: ABdhPJyhxGNXHy4HvX+/3riv1ZAal+gbNvlsMOzQ/ivu6V4s7a8e+gKY9KnvH4LwRJltBJ6XL5jPIOwyhUC+5pPc0gw=
X-Received: by 2002:a17:902:8b86:b0:14f:cad:38f6 with SMTP id ay6-20020a1709028b8600b0014f0cad38f6mr24631156plb.3.1645564997578; Tue, 22 Feb 2022 13:23:17 -0800 (PST)
MIME-Version: 1.0
References: <164498945328.29432.3195675407975344546@ietfa.amsl.com> <3032eda1-a666-4c02-93df-7e311f5dc8e7@beta.fastmail.com> <CAHbrMsDKz7r+vP9vEiORrPGXnnjkUWZxSefOZzqDLZqwbLmBSA@mail.gmail.com>
In-Reply-To: <CAHbrMsDKz7r+vP9vEiORrPGXnnjkUWZxSefOZzqDLZqwbLmBSA@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Tue, 22 Feb 2022 16:23:00 -0500
Message-ID: <CAF8qwaAKihmgWp7arVxd0CkE+nUD5h=-vqdQrOZVqakyGgtWcQ@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000022fda305d8a1f5d6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ADZeL3BUrHwNJ68M-YhG8hbC52c>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2022 21:23:25 -0000
On Tue, Feb 22, 2022 at 3:58 PM Ben Schwartz <bemasc= 40google.com@dmarc.ietf.org> wrote: > I continue to support this draft. > > I am puzzled by the requirement that "A server MUST omit any compatible > protocols from this extension". Including them seems harmless, and > omitting them seems to impose an unstated requirement that (1) both parties > also include the ALPN extension and (2) the implementations of these > extensions must be intertwined. I would change this to SHOULD. > We shouldn't add variation to protocols just because they are (immediately) harmless. Unless there's a strong reason for some implementations to include them and others to omit them, we shouldn't use a SHOULD. > Appendix C assumes that SVCB records are not authenticated. That's > allowed by SVCB, but it's not required. A client with authenticated SVCB > records (e.g. via DNSSEC) is not vulnerable to these attacks, and SNIP > would arguably be redundant in that case. I don't think it's fair to claim > that DNSSEC is "impractical", as implied by this text. ("often > impractical" might be fine.) > SNIP would still not be redundant because of the deployment issues listed below. > Also, the bullets underneath have some issues: > > > it is not possible to ensure that all server instances in a deployment > have the same protocol configuration, as deployments for a single name > routinely include multiple providers that cannot coordinate closely; > > This is not a problem. The differently-configured servers would be > represented by different RRs in the RRSet. > The bullet point is correct, though the "multiple providers" explanation may not be the best one. When a change is rolled out or rolled back across a server deployment, there will unavoidable a period when the server deployment is non-uniform. > > the ability to provide a subset of valid DNS records is integral to many > strategies for managing servers > > Perhaps, but only the authoritative server is allowed to make these > judgments, and it must happen before DNSSEC signing (which signs the entire > RRSet as an indivisible unit). > > > ensuring that cached DNS records are synchronized with server state is > challenging in a number of deployments. > > SVCB contents are required to be accurate. They might be conservative > (not offering all supported protocols), but they can't be optimistic > (promising protocols that aren't actually supported everywhere). Perhaps > there is some SNIP use case where the client is excited to learn that this > server supports some as-yet-unannounced protocol, but it's not the main > SNIP use case. > DNS is too far removed from the true server state for that to be plausible. Indeed we went through quite a lot of trouble in ECH specifically to tolerate inaccurate SVCB contents. I don't think the conservative vs. optimistic classification works either. A service may need to rollback a change due to an unanticipated issue somewhere in the system. In addition to the period of non-uniformity above, the cached SVCB record will be "optimistic" post-rollback. But this is fine because we do *not* require SVCB ALPN lists to be perfectly accurate. We fixed the broken Alt-Svc ALPN rules in SVCB to effectively remove SVCB's influence on the authoritative protocol selection. That must stay in TLS, for security and deployment reasons. If SVCB says a server supports {h2, http/1.1} but it really only supports {http/1.1}, it will continue working because "h2" and "http/1.1", at this layer, effectively don't fix the exact protocol, just the set of compatible protocols. That is, they are mostly just a funny way to say "TCP + TLS + HTTP/??". > On Wed, Feb 16, 2022 at 12:36 AM Martin Thomson <mt@lowentropy.net> wrote: > >> Hey everyone, >> >> This is a keep-alive update for the most part. >> >> I spent an hour or so trying to do improve the readability of the draft. >> So it will look like a lot has changed as I rewrote large chunks, removed a >> fair bit, and moved whole sections. All of that is with a goal of making >> the content more accessible. Happy to hear how people feel that went and >> how it might be improved further. >> >> Cheers, >> Martin >> >> >> On Wed, Feb 16, 2022, at 16:30, internet-drafts@ietf.org wrote: >> > A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> > This draft is a work item of the Transport Layer Security WG of the >> IETF. >> > >> > Title : Secure Negotiation of Incompatible Protocols >> in TLS >> > Author : Martin Thomson >> > Filename : draft-ietf-tls-snip-01.txt >> > Pages : 12 >> > Date : 2022-02-15 >> > >> > Abstract: >> > An extension is defined for TLS that allows a client and server to >> > detect an attempt to force the use of less-preferred application >> > protocol even where protocol options are incompatible. This >> > supplements application-layer protocol negotiation (ALPN), which >> > allows choices between compatible protocols to be authenticated. >> > >> > >> > The IETF datatracker status page for this draft is: >> > https://datatracker.ietf.org/doc/draft-ietf-tls-snip/ >> > >> > There is also an HTML version available at: >> > https://www.ietf.org/archive/id/draft-ietf-tls-snip-01.html >> > >> > A diff from the previous version is available at: >> > https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-snip-01 >> > >> > >> > Internet-Drafts are also available by rsync at rsync.ietf.org: >> :internet-drafts >> > >> > >> > _______________________________________________ >> > TLS mailing list >> > TLS@ietf.org >> > https://www.ietf.org/mailman/listinfo/tls >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] I-D Action: draft-ietf-tls-snip-01.txt internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt Martin Thomson
- Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt Ben Schwartz
- Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt David Benjamin
- Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt Ben Schwartz
- Re: [TLS] I-D Action: draft-ietf-tls-snip-01.txt Martin Thomson