Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
Hubert Kario <hkario@redhat.com> Fri, 16 October 2015 09:50 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83CBD1B34C9 for <tls@ietfa.amsl.com>; Fri, 16 Oct 2015 02:50:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dwZ5EtPaZxUJ for <tls@ietfa.amsl.com>; Fri, 16 Oct 2015 02:50:43 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 133DD1B34C8 for <tls@ietf.org>; Fri, 16 Oct 2015 02:50:42 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id 6B5EBC0B64C1; Fri, 16 Oct 2015 09:50:42 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (ovpn-112-54.ams2.redhat.com [10.36.112.54]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t9G9obMi012919 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 16 Oct 2015 05:50:41 -0400
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Fri, 16 Oct 2015 11:50:30 +0200
Message-ID: <55580670.jzLYtZ8hkN@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.9 (Linux/4.1.10-200.fc22.x86_64; KDE/4.14.11; x86_64; ; )
In-Reply-To: <CABkgnnUZpvH4F5d42geQ4Y5h5tf5POHjTr9PpfemLtir0kavFg@mail.gmail.com>
References: <20151014154401.DF1401A2E6@ld9781.wdf.sap.corp> <561EDAAA.3050600@baggins.org> <CABkgnnUZpvH4F5d42geQ4Y5h5tf5POHjTr9PpfemLtir0kavFg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1526812.lyuG49bKPV"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/AsYtoYy_BBGFtHSQh9_gyfegKF8>
Subject: Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2015 09:50:44 -0000
On Wednesday 14 October 2015 16:06:00 Martin Thomson wrote: > On 14 October 2015 at 15:43, Matt Caswell <frodo@baggins.org> wrote: > > "highly dangerous idea" > > Wrong Martin. I agree that there is a need for caution, but in > reality, it's not like you can use renegotiation to hand-off to > someone else entirely. The person you are talking to hasn't changed. > What is dangerous is making assertions about *new* things that the > renegotiation introduces. Also, we're talking with a peer that does implement RFC 5746, so we can be *sure* that we're talking to the same peer still. So the problem happens when application is querying the library for connection information (certificates mainly) and getting info from new connection while still actually receiving application data from the old context. The problem is, that we can verify the handshake only after we receive Finished message, until then, the server can present any certificate it wants and client has no way of verifying if it (for *DH it can even receive information sent by client after its Finished message). For server it's nicer, as the certificate can be verified much quicker (in the same flight), but the window still exists. That makes it dangerous when going from low to high security context, not so much other way round. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
- [TLS] Fwd: Clarification on interleaving app data… Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Ilari Liusvaara
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Rex
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … David Benjamin
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Thomson
- Re: [TLS] Fwd: Clarification on interleaving app … David Benjamin
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Thomson
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Martin Rex
- Re: [TLS] Fwd: Clarification on interleaving app … Matt Caswell
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Clarification on interleaving app data … Short, Todd
- Re: [TLS] Fwd: Clarification on interleaving app … Kurt Roeckx
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Peter Gutmann
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Yoav Nir
- Re: [TLS] Fwd: Clarification on interleaving app … Watson Ladd
- Re: [TLS] Fwd: Clarification on interleaving app … Kurt Roeckx
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Karthikeyan Bhargavan
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario
- Re: [TLS] Fwd: Clarification on interleaving app … Hubert Kario