IETF Logo Mail Archive

Re: [TLS] Proposed text for removing renegotiation

"Kemp, David P." <DPKemp@missi.ncsc.mil> Thu, 19 June 2014 22:06 UTC

Return-Path: <DPKemp@missi.ncsc.mil>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B5701A044F for <tls@ietfa.amsl.com>; Thu, 19 Jun 2014 15:06:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.851
X-Spam-Level:
X-Spam-Status: No, score=-4.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5OR8Z9kTL4LW for <tls@ietfa.amsl.com>; Thu, 19 Jun 2014 15:06:21 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3DAB1A03F4 for <tls@ietf.org>; Thu, 19 Jun 2014 15:06:20 -0700 (PDT)
Received: from Mustang.missi.ncsc.mil (mustang.missi.ncsc.mil [144.51.60.149]) by stingray.missi.ncsc.mil with ESMTP id s5JM6JpY032642 for <tls@ietf.org>; Thu, 19 Jun 2014 18:06:19 -0400 (EDT)
Received: from ODYSSEUS.missi.ncsc.mil ([fe80::a8ee:8532:895b:b420]) by Mustang.missi.ncsc.mil ([fe80::dd64:e457:4553:e1ff%14]) with mapi id 14.03.0181.006; Thu, 19 Jun 2014 18:06:18 -0400
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Proposed text for removing renegotiation
Thread-Index: AQHPi6kHx49fY5M8bUK7yZHZkjJ7zZt40e8A///nX3A=
Date: Thu, 19 Jun 2014 22:06:17 +0000
Message-ID: <5B1D7E570380A64989D4C069F7D14BC8CB7FDC30@Odysseus.missi.ncsc.mil>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <1402388399.2369.5.camel@dhcp-2-127.brq.redhat.com> <CACsn0cm5OzzjOh5nSXcu-cx+ZYFeJiJ5eGvgwjsWPUeX4ozz2g@mail.gmail.com> <1402476304.2305.8.camel@dhcp-2-127.brq.redhat.com> <CACsn0cmM4KpMgwXo0iTygsQ+En6N3J46jPY-Q3hfwzqG431M1w@mail.gmail.com> <1402648977.6191.36.camel@dhcp-2-127.brq.redhat.com> <CACsn0ck6OxPm8BwuNeAn+wpayaefkAzZtiyjkaQ1sB_4hp0C_Q@mail.gmail.com> <1402990596.2335.18.camel@dhcp-2-127.brq.redhat.com> <53A0AB7E.4050706@fifthhorseman.net> <1403173608.5825.6.camel@dhcp-2-127.brq.redhat.com> <CABkgnnVuTauFLeto3KebbMDFysjpd7rg_dHrTQVZBeS8BktmoA@mail.gmail.com>
In-Reply-To: <CABkgnnVuTauFLeto3KebbMDFysjpd7rg_dHrTQVZBeS8BktmoA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [144.51.60.29]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/BFVHLDPEXUef9JvnDt8EDO8cxTI
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jun 2014 22:06:24 -0000

> And the main point, which is that it's not the lack of a
> notification API for renegotiation that causes the issue,
> it's the fact that it can happen at all.

If there is not general agreement on what "the issue" is, there won't be agreement on how to solve it.  If "the issue" is "we don't like renegotiation", then of course no solution other than eliminating renegotiation will solve it.

But if the issue is that applications on each side of a TLS connection don't have a common understanding of what parameters have been negotiated and when they become effective, then an API that supports data semantics identical to "Close and Open TCP" without actually negotiating a new TCP connection is a valid solution.

An application must be guaranteed that all data sent or received prior to renegotiation uses the old set of parameters and all data sent or received after uses the new set.  The TLS library should arrange for that to happen such that the data flowing in one direction (written on the initiating side) flows continuously over the wire, slowed only by the TLS handshake bytes transmitted in that direction.  Data in the other direction is delayed as necessary to sync with the transition.

Note 2 may be overly restrictive if "handshake process" is interpreted to include any round trips.  It should include only messages that trigger the use of new parameters; there is no reason to block data while sending setup messages that have not yet taken effect.

>> That would make renegotiation a strictly inband process, and 
>> applications would be able to distinguish traffic before and after a 
>> new negotiation  ---> becomes effective <---.

That is the requirement.

Dave



-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Martin Thomson
Sent: Thursday, June 19, 2014 11:28 AM
To: Nikos Mavrogiannopoulos
Cc: tls@ietf.org
Subject: Re: [TLS] Proposed text for removing renegotiation

On 19 June 2014 03:26, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
> My counter-proposal would be:
> 1. Removing the Note "If a rehandshake occurs while data is flowing on 
> a connection, the communicating parties may continue to send data 
> using the old CipherSpec."
>
> 2. Adding the text: "During the handshake process implementations 
> SHALL NOT allow application protocol data exchange. Implementations 
> SHALL terminate the session if application protocol data is received." 
> (in DTLS that data may arrive due to network errors so they should be 
> quietly discarded.
>
> 3. Adding the text "Since the authentication credentials may change 
> during a renegotiation the upper layers must be notified of either the 
> new negotiation process or any identity change."
>
> That would make renegotiation a strictly inband process, and 
> applications would be able to distinguish traffic before and after a 
> new negotiation.

That sounds strictly worse than what we have today.

Points 1&2 render the connection unusable, something that many applications can't have.  In many respects - other than TCP congestion window warmup perhaps - this is equivalent to Brian's proposal to remove renegotiation and replace it with nothing, forcing people to make new connections.

And the main point, which is that it's not the lack of a notification API for renegotiation that causes the issue, it's the fact that it can happen at all.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.20.1 | Report a Bug | By Email