IETF Logo Mail Archive

Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

Alan DeKok <aland@deployingradius.com> Sun, 31 January 2021 14:30 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80CC83A0D8A; Sun, 31 Jan 2021 06:30:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FFVCQX_e7okm; Sun, 31 Jan 2021 06:30:40 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B1173A0D87; Sun, 31 Jan 2021 06:30:40 -0800 (PST)
Received: from [192.168.46.129] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id 9315C540; Sun, 31 Jan 2021 14:30:37 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <MW2PR2101MB092355019C6248626D2CEF96D1B99@MW2PR2101MB0923.namprd21.prod.outlook.com>
Date: Sun, 31 Jan 2021 09:30:36 -0500
Cc: Joseph Salowey <joe@salowey.net>, EMU WG <emu@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, Martin Thomson <mt@lowentropy.net>, "<tls@ietf.org>" <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F0FBEFD6-E46C-4824-BBE6-33FFC93CB356@deployingradius.com>
References: <e669002f-caff-1e6e-e28b-d09157eb0c07@ericsson.com> <6241F0B6-C722-449E-AC3A-183DE330E7B5@deployingradius.com> <9ddd1593-3131-f5cc-d0db-74bf3db697bf@ericsson.com> <3CB58153-8CCA-4B1E-B530-BA67A6035310@deployingradius.com> <CAOgPGoA3U+XpZMY7J+KGovNx6MtAdEzRaGW33xVJdQNWSi4LVg@mail.gmail.com> <770e6a49-52fc-4e8b-91af-48f85e581fbb@www.fastmail.com> <CAOgPGoBGOMXH-kMhQSujWxnACdmBL845u0ouE0fUYc4rWtUrZg@mail.gmail.com> <ca4c526e-79a0-4fa7-abda-2b626795f068@www.fastmail.com> <3409F71E-4CE4-46BB-8079-BFBE9BE83C9A@deployingradius.com> <66157321-55DC-4831-8EF2-D75934D9024C@deployingradius.com> <20210129183220.GI21@kduck.mit.edu> <1A830492-3404-4BCC-844B-D7D950458BD9@deployingradius.com> <CAOgPGoAoFL0aL8-g2waWny=BCod4tN9R==jR_N3kuLPFzvNGOg@mail.gmail.com> <MW2PR2101MB092355019C6248626D2CEF96D1B99@MW2PR2101MB0923.namprd21.prod.outlook.com>
To: Jorge Vergara <jovergar@microsoft.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BHn29MKnvyECfcSI2ESN5Vwj9JM>
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jan 2021 14:30:43 -0000

On Jan 29, 2021, at 5:35 PM, Jorge Vergara <jovergar@microsoft.com> wrote:
> 
> [Jorge] The diagrams in the draft mostly imply that the commitment message being the last thing sent, after any NewSessionTicket. As stated, this is problematic since the TLS stack may re-order these, and the NewSessionTicket may have to come in another EAP-TLS fragment entirely if the combined message ends up crossing a fragment boundary.
> 
> In my mind, it is obvious that the rest of the EAP-TLS packet should be processed so that the EAP-TLS client can correctly receive the NewSessionTicket and any other handshake data that may have been in this final message.

  OpenSSL has a feature SSL_MODE_AUTO_RETRY which makes it process TLS messages *after* the Finished message.  i.e. the Session Ticket, etc.  When an application calls SSL_Read(), all of the TLS data is processed, instead of just the "TLS finished" message.  They've made this the default, because most applications get it wrong.

  It would be good for the draft to note that TLS libraries should process all of the TLS messages before handing application data over to the application.

> However, once that complete EAP-TLS packet is processed, the next message from the server should indeed be an EAP-Success, EAP-Failure, or EAP-Request with a TLS Alert Message as draft-13 indicates.

  Section 2.1.1. says:

   After the EAP-TLS server has recieved a EAP-
   Response to the EAP-Request containing the Commitment Message, the
   EAP-TLS server sends EAP-Success.

  Which *could* be seen as mandating EAP-Success, no matter what certificate is sent by the client.  I suggest making this behaviour clearer.  i.e. the document should include something like your sentence above.

> This is currently how the Windows client implementation operates, but it is mostly by chance. If we made the full processing of the EAP-TLS packet explicit, then I think this would resolve the concerns around ordering here.

  I agree.

  I would also like clarification on just what the commitment message does, and why it's needed here, and not for TLS 1.2.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email