Re: [TLS] coalescing of CCS messages
Eric Rescorla <ekr@rtfm.com> Mon, 12 February 2018 14:38 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F23FF129516 for <tls@ietfa.amsl.com>; Mon, 12 Feb 2018 06:38:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rgdyhKUMLxq for <tls@ietfa.amsl.com>; Mon, 12 Feb 2018 06:38:37 -0800 (PST)
Received: from mail-yw0-x22b.google.com (mail-yw0-x22b.google.com [IPv6:2607:f8b0:4002:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FFA3126C2F for <tls@ietf.org>; Mon, 12 Feb 2018 06:38:37 -0800 (PST)
Received: by mail-yw0-x22b.google.com with SMTP id c78so9984132ywb.13 for <tls@ietf.org>; Mon, 12 Feb 2018 06:38:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=FMy6HYql1riFReO7cAblC+LIQY8LAaNAkxljYz+LHIA=; b=p7yeQw9XbRsQUyrm8EmyQCAKAwXn8Mcf6v+bo/R15y1tqljuIR2+lIx/Y+CPhb+fIF 12ZjhpctYpvyz5TlpCygQJq4UDBKvHiBPqxf0ta8NQsNyJ1f/2htZgIp/gDUi5N98PTR 0A0OCTPbUu86noMTt+P9eLJm47cD44FkfTxa5/m/C7PVRRtrtPbfzIJiKQ53kZmc7JWD u9YiMX9P7W3+JknV+5JTCZrBkILKMTaesOfkbGXNtzdLFIgmq6Qr/n931pCSObhmXOLc AmGZlGgdRr2bkeHiWtXJsxbJI9UvQFooazrb/GBPTiaz/ge4aLWvgsWiT1kFjIr7uJd8 rOUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=FMy6HYql1riFReO7cAblC+LIQY8LAaNAkxljYz+LHIA=; b=nARyj0IMOaPv/wFHk2LHCXseNna4r9qaIb9U00g67+erbh5G2kRgBEVPc+iXtz3Fq+ j9/zxjhEnEF2WAFBzMdQsoScrEK/vn/BMieurUXeBu6txfXbjplOfapyuyUR6B126qPs QwcdLr/WqsZFd3Qj3Wfjd5So5jmh4Wq/v8BR+H0UDCgLB05lDPJAEv1vX2bGE7E/Ejwl GgkMRBCXJxgYMPBUZKmWlAR4+ks2tgyDTeOk20LuzLr3Wfm1AnJFTes/al34g9X4b6YY 9bype8h6dg0cKS+r6qKZ9yPC84kI9NJERXSFuvDkGqF4LF2120cChJc8Pw/eBzYLBYVN wNfg==
X-Gm-Message-State: APf1xPCwnd9p+U0NiHr51gmDjrU88a7tfpSsVB7FJei8ZOnHMwTeDO4q jxa1JfuVHxz5P8w02H1ogT+VjOQb8JlN25i3riwBIQ==
X-Google-Smtp-Source: AH8x224B1hb6gbdxFB3sgDBUXVQgNgI1dB01zbrnR0S9bVIeVeJBnLW5rJkcQBs1RNmYbqbJOkuVDFUlhnIZc0g1Nfo=
X-Received: by 10.129.201.2 with SMTP id o2mr4991664ywi.2.1518446316411; Mon, 12 Feb 2018 06:38:36 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.160.201 with HTTP; Mon, 12 Feb 2018 06:37:55 -0800 (PST)
In-Reply-To: <48986853.OUDrGe6E9e@pintsize.usersys.redhat.com>
References: <48986853.OUDrGe6E9e@pintsize.usersys.redhat.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 12 Feb 2018 06:37:55 -0800
Message-ID: <CABcZeBMeRDFdHQCXoBaAyZ6Cd5VAEmEfTnW+59ZO_iK4iMiTxg@mail.gmail.com>
To: Hubert Kario <hkario@redhat.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="089e0821ead84d23d8056504d5dd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BPY1EAjvJAIWJs9q4IDR9R45XHI>
Subject: Re: [TLS] coalescing of CCS messages
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2018 14:38:39 -0000
On Mon, Feb 12, 2018 at 6:10 AM, Hubert Kario <hkario@redhat.com> wrote: > Rules for CCS messages in record layer are missing, allowing in theory > sending > multiple CCS messages in a single record layer > > I've proposed a PR that requires the same kind of processing rules for CCS > and > Alert messages: https://github.com/tlswg/tls13-spec/pull/1146 - no > fragmentation and no coalescing. That automatically solves the empty CCS > record case. > https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#record-protocol "An implementation may receive an unencrypted record of type change_cipher_spec consisting of the single byte value 0x01 at any time after the first ClientHello message has been sent or received and before the peer’s Finished message has been received and MUST simply drop it without further processing. Note that this record may appear at a point at the handshake where the implementation is expecting protected records and so it is necessary to detect this condition prior to attempting to deprotect the record. An implementation which receives any other change_cipher_spec value..." And of course Alert already has this rule: "Alert messages (Section 6 <https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#alert-protocol>) MUST NOT be fragmented across records and multiple Alert messages MUST NOT be coalesced into a single TLSPlaintext record. In other words, a record with an Alert type MUST contain exactly one message." -Ekr > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > >
- [TLS] coalescing of CCS messages Hubert Kario
- Re: [TLS] coalescing of CCS messages Eric Rescorla