Re: [TLS] TLS 1.3 Problem?

Martin Thomson <mt@lowentropy.net> Tue, 29 September 2020 02:02 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9123E3A1485 for <tls@ietfa.amsl.com>; Mon, 28 Sep 2020 19:02:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=YciGjcNf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=twRT9PoT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZBv4HfA3eCRz for <tls@ietfa.amsl.com>; Mon, 28 Sep 2020 19:02:19 -0700 (PDT)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E8A13A1483 for <tls@ietf.org>; Mon, 28 Sep 2020 19:02:19 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id B583B9F3 for <tls@ietf.org>; Mon, 28 Sep 2020 22:02:18 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Mon, 28 Sep 2020 22:02:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=Udv4j8DzlI3GKw337i+d2KhVRAwqcTz 3YX3geskCXVs=; b=YciGjcNfetLzbuE+Uwm4ecle+MOcP6ljCODDaD+JTXUwIU0 B2CFbYWKzNvPZ25h76yJoOq8jrUECzz7k32ax0u2wTAQC9y3OG7Et2J0ghoNBOkp iD/FqjNkrZrUrZdRYh62R4TfyT3JbQH09ieyekrGPIayo4LcbIBoxgVpETjzeZFI 6DU4V7CDSG6hmPFMl6WHUuAiiAOYalEWpnKvHvEQqnrklGc+rtwRId1kEZUF9e5/ O4+4CteJls9NKTkTPVYCIpSoO2WfKtPQL06VaILUNpsY01r0bC9D7JFeczNLjaWe F2Qy79togUBpqvbj/7lVnot779VFTY8jV5hxRgQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=Udv4j8 DzlI3GKw337i+d2KhVRAwqcTz3YX3geskCXVs=; b=twRT9PoTrN8fhxn7XN+5dO ac6Rs3MqNgz0c1v7wqSAkpvVhRG+vUbS3XWmfr76LtFrSEWEPztgdP4AuPACnoG6 ukQv/Qg6uIrKSv0Vd1QH7/Hyou15rHE7NSA5b03CCDnGCsCbBEUjE0IpdW70E/WH MPuq6Xoq2jTLVv9Okr8nw/Htu9mUqqxS/MMA4OXwzynaz7fqL/isAtHUMpFlHCJf tvIUyGYGKG7y0uaA8W1S/OVe59nI+sOytiGO+cY2Wr+gEQdqohY9wgIXDnAjQa+t nQ7XruC7q1JXYYU02MF6NKV9dFrQbi5YHq4JFpiUJJlWNKSXtOi7pRDeJquDH+pQ ==
X-ME-Sender: <xms:qZVyX1lW0x3dZfTVLzxp7fLc48gCsmXizGtrfYrG7S25o_8TgtCIaQ> <xme:qZVyXw3WkaJYHcT5v5Tj7Q_fBqkfJSb7_aMVDmT9qpD4ShjWJidvzP-gNEB9j7bmE sFLqEDrfoEyIQyxNpw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdejgdehhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepkeetueeikedtkeelfeekve fhkeffvedvvefgkefgleeugfdvjeejgeffieegtdejnecuvehluhhsthgvrhfuihiivgep tdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:qZVyX7opxM_ci3zE0FndCwu2TAZnEdMq3Q85CvtRz2SB3zipZm7z7w> <xmx:qZVyX1lMXryeFlsGHVSlyYPjvUCl5_fpZgUYm-eTIABcwlbS-_Lkcg> <xmx:qZVyXz08DrlTRiQewVsEucrVF4euRHhiRrGqOziX5gPpYSNJAaQqoQ> <xmx:qpVyX0DTDGnRSPDqG3b-LcKE7sOCuYX7ZmV0csXUI_8Y2Hmsu-x_eg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 994C02006D; Mon, 28 Sep 2020 22:02:17 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-355-g3ece53b-fm-20200922.004-g3ece53b9
Mime-Version: 1.0
Message-Id: <96777977-7707-4311-9876-ca3d53f57f3e@www.fastmail.com>
In-Reply-To: <CACsn0cmbDz3ML8o5moAacqfXqYQo-Hqi53XQL6UoGYcZBwy-Mg@mail.gmail.com>
References: <0c31f2d6-5f8e-2fd6-9a1a-08b7902dd135@pobox.com> <AM0PR08MB37164F2D0E0CE5FB6D62D461FA350@AM0PR08MB3716.eurprd08.prod.outlook.com> <1c7e2f31-8a9e-4bd8-9e80-ab18ebeb609f@www.fastmail.com> <CACsn0cmbDz3ML8o5moAacqfXqYQo-Hqi53XQL6UoGYcZBwy-Mg@mail.gmail.com>
Date: Tue, 29 Sep 2020 12:01:57 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BINJby4TgZnU-I3RMjBxkTlnTEM>
Subject: Re: [TLS] TLS 1.3 Problem?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 02:02:21 -0000

On Tue, Sep 29, 2020, at 10:38, Watson Ladd wrote:
> > Is stateless HelloRetryRequest even being used?  If so, how?

NSS implements HRR this way always.  We pack the necessary state for the connection to continue into the cookie (which is protected with an AEAD).  We can also retain server state, in which case the retained state is compared against the state from the cookie as an extra sanity check.  We chose to do this for a few reasons, but one thing is that it encourages us to use the second ClientHello for negotiating everything.
 
> QUIC depends on it iiuc.

It did, but it doesn't any more.