Re: [TLS] PR#28: Converting cTLS to QUIC-style varints
Mohit Sethi M <mohit.m.sethi@ericsson.com> Wed, 07 October 2020 17:47 UTC
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9CFC3A0CB3 for <tls@ietfa.amsl.com>; Wed, 7 Oct 2020 10:47:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.514
X-Spam-Level:
X-Spam-Status: No, score=-3.514 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.213, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W0B-5tYBhLws for <tls@ietfa.amsl.com>; Wed, 7 Oct 2020 10:47:20 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20059.outbound.protection.outlook.com [40.107.2.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 667FD3A0C9A for <tls@ietf.org>; Wed, 7 Oct 2020 10:47:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mhclr3345Rg/1DOxjm0bFwVPolajPuYVFu7qGwTdZ6GnmBJKthw9fZ8xq1O/osOnwKBR+NjxZQROfri6ijG7a+CKjLeYgRkUX300zjDVN0NBZyswS04GqjOTzUCvg2/VOmUKz+lHIU8VAukvlvUlB1g48nCN89YKv20WkU9YtlQs94CbPz/A2CAhzVIUdtSyhKI+15RL8KxXnbOeSnMtdrvqClx+fzY60t7zhWPKvoY0AtXMKU0jFVeo2FQ2w7QsvgGJ0D7vvb7YSI47IOcTv6+VUFLEJW2tZOyLlkMaUpW1uip/9Qsb1UcbXUaUo59EV8S3d9bQQyFIeF0TWzWaIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fcHi8ji/flSBWad9uvfgE0X1sqsyBko58/xfO1TY8L4=; b=I/PrWNM1lN6FgitJQB8Abn/Bek1H9vwNtARl94FvvCM0Lf//cOvMMeL+ZnRQ08c7lFZg4aLWxlpuXYs2Al6XicZIoSEpeteD3jZuRAK7js5nDHxa9wuknbIVXYba4ZsBHdnfg699FRYeIcGuV1/lipA8h+Od6wJ+sv5yXlUKA67WzFzzHZbwwVVI6/Oiwgrqx1zCm2j11f9b5jDqbOJihGvy/nt1SLkobkmPqU+Ndbh6JY2aqE80/zGyzHL7kh6hWjXQ8FJPVGZqvWC0/A7kLUUT89E9hXYx8tAaMcjYB3MhLBg5tzc9Sc+SBmsLvRAIQV8QaCJAYXm73g+lZ7TDig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fcHi8ji/flSBWad9uvfgE0X1sqsyBko58/xfO1TY8L4=; b=s1CCO2l9rDRUNBo4vrEHkPs3H8tdJEppEz40dx+LsfUCIWFlWNtrs2ssRrHq4X/kJUvEQAy36PXHoMkh6Y4gZRvT7ehAh6XiORLFiO12eGjbC/mvSfFzGcFwN66ESWRWGYmOAU8Snn55X3GSWPsfMXeV4m3KwIctFR2Ud6CT7Ag=
Received: from HE1PR07MB3209.eurprd07.prod.outlook.com (2603:10a6:7:32::14) by HE1PR0702MB3547.eurprd07.prod.outlook.com (2603:10a6:7:85::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3455.13; Wed, 7 Oct 2020 17:47:12 +0000
Received: from HE1PR07MB3209.eurprd07.prod.outlook.com ([fe80::1550:2d88:a5be:95ca]) by HE1PR07MB3209.eurprd07.prod.outlook.com ([fe80::1550:2d88:a5be:95ca%6]) with mapi id 15.20.3455.023; Wed, 7 Oct 2020 17:47:12 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: Watson Ladd <watsonbladd@gmail.com>, Christian Huitema <huitema@huitema.net>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] PR#28: Converting cTLS to QUIC-style varints
Thread-Index: AQHWnNHiaVI1NS22a0OA6GEJUmjn9A==
Date: Wed, 07 Oct 2020 17:47:12 +0000
Message-ID: <0fbf5f36-9480-ceb6-dc20-5e27e41061a8@ericsson.com>
References: <CABcZeBPNFhGoLhgqeR9ObwyU68BYq=hXG1PhXcqNsNDNFGGyaw@mail.gmail.com> <CAOYVs2rEDtgJFVpiQkcaaYG2LAyW1hB5Cou4kUoG2_dkxMFTww@mail.gmail.com> <CABcZeBP3BUDEeiV2T-kxYTmC841XE_BrXhPHSoRqfdH0hHd-6w@mail.gmail.com> <BBA456AB-EC42-47DD-A3E3-5FC0E9E7A534@akamai.com> <53DD7D0D-D325-4246-86F2-C409875134FB@ll.mit.edu> <8e8ca76e-37ce-ce10-ae42-ea26d87c35fc@pobox.com> <9CED80DA-FAE7-4C7F-9687-3B61B63587E9@akamai.com> <a49d4b8c-cf49-51df-0c6b-332a4459f318@pobox.com> <b8f4597c-37de-0092-6179-c6bf275c20f9@huitema.net> <CACsn0c=V035wmmhwTzJoREHwmGJmVujcdm0LQKQqLCCBRzv4oQ@mail.gmail.com>
In-Reply-To: <CACsn0c=V035wmmhwTzJoREHwmGJmVujcdm0LQKQqLCCBRzv4oQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [2001:14bb:140:34a4:43da:bde5:a265:cf55]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ef4be92f-702b-4c8d-f398-08d86ae9057c
x-ms-traffictypediagnostic: HE1PR0702MB3547:
x-microsoft-antispam-prvs: <HE1PR0702MB35476645B3DB4C1E241F2A48D00A0@HE1PR0702MB3547.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: JB61VTOMNjo1E94sMOv9rfMNBtPeM3MLhLv5bLRhZilMuOtRMwE59eoFNe1JwSQn5iIL9K+PdUn0uM7FCIbDXRf5NGGORyl2AJg1AcPXyMqwzjTvhPZ2R3VOBkjWLmCUFgQtcvofmDsLbtAwoFIdy8YEmoZ7Ra1ZRgaXRkyAaxxI8x4f9IZglLwQJyh78rs0pSeeTUul7dVeq4aVm+oeib/asNsRnqPamWuajV6XKyZ1CtQCNiTKMnkkn9C6GLvwfouG6i207xUQuvxDL6wYNBK6s8JzKYRmu8nlp5Cmf9HxzWEDGjvjh2JJbYQWu/4iJeJq78dKgYij40iUCYMdR8ew+G1LI/4WuBBV6lPq7B4Kxw7+IROKM5P77IJZdhbcS4HcSSC4rHHSApHUDghMM3aX1K207wstc5iB65JBEmPZPDEdHAXpErQrQ/p0dh9cUCqwK8uK9CsK36/y6n+dGQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB3209.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(376002)(396003)(39860400002)(346002)(6486002)(4326008)(83080400001)(186003)(86362001)(6512007)(36756003)(8936002)(8676002)(6506007)(53546011)(71200400001)(5660300002)(2616005)(478600001)(110136005)(966005)(316002)(31686004)(76116006)(66446008)(64756008)(66556008)(66476007)(66946007)(83380400001)(31696002)(2906002)(43740500002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: ubHcvUOfB21MoO/ys+0bbYOAwD2q87/Srj5EHXGbHUFn6vKcyu1nOHMMfhYedRASaYmRtEiLsAt75iDo6qPtpFwRzZZIUzpQMz8J1SZcVEWt1s2nYfaF9jSwIJF0jqZQmPSQIC+kQwvHGYoEyDrTtIm4SamPp88cJ02y87WSeGWHFdDuiNbsuDbV62zdoT7I5aBABslohO0bPl1zmCsnYJqKe6cN5nBthAHHh3hH56yBWOhOq+6YoBNoRUSH8ufKHNW3nq9Uiesro++G3axRt95XtW6XkjpHIyIRVAvn2fsdz6ySrWr91gG/I/Xh3vjeI5OXPGhgYdqw0NmQvmAEG1Uycpq3tJnAOab4h+FVg9ieW/3h2wiiOlp2PCbFFIiVZUXmWTOxVrL6Gd5EeU2eSyWXBNqi7UmJJ3AxahvscoD7u2SgdxgM5fehAfaEB942S/zwqT4vUqxzB5IvBl3iFJyFcpvafPNcQxkR5yxcOdNsuDo5U4u1zpw7DX1S7pBYcIAlBXHmYyKSI66TMDYk5oSyAlHkj/pVqne+ifrZ2kRY8XabhdyYAR+vFf71chcDnmn/lMF5xicgc1fnMpjysuXioYmcPxKWVrUdtTsfDJCtPvh4HYAv/qLfSSMXSAlNf1EHerO1kk7qlXHa83CYRZBVFLMSh6v1yiEi929HhZXT5Yg2ZXsAjYCE5iDcafZ1h1yamm5jqYULIceXcHlewg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E88EEB7BC479C0449872A2BBB79E9AB7@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB3209.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ef4be92f-702b-4c8d-f398-08d86ae9057c
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2020 17:47:12.3315 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /ekH3nKQxY5QyFzwe70O8O4PifTssmTVf1DJ+0p9uYgTQr4Jah2hFxbhOFfeRtYcszrZ8dXun/98WORcCn2Q1Nx/ROqqS1axRJAWkDr/QtA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3547
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/B_sALeopWJ9swA90YN9Ai6tQljU>
Subject: Re: [TLS] PR#28: Converting cTLS to QUIC-style varints
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 17:47:23 -0000
A strong +1 on the security issues of decode -> extract -> re-encode -> verify signature flow. The lack of canonical encoding can also mean that the resulting bytes can be different in different encoder/decoder implementations. It would have been nice to have canonical JSON. Some implementations support it with flags such as "JSON_PRESERVE_ORDER" (https://jansson.readthedocs.io/en/2.8/apiref.html) Some specs try to specify things like keys should be in alphabetical order but fail to realize the complication with nested structures. CBOR has thankfully specified canonical representation (called as deterministic encoding in 7049bis). Some CBOR libraries have added support: https://github.com/agronholm/cbor2/issues/6. --Mohit On 10/7/20 7:30 AM, Watson Ladd wrote: > On Tue, Oct 6, 2020 at 10:13 AM Christian Huitema <huitema@huitema.net> wrote: >> On 10/6/2020 10:00 AM, Michael D'Errico wrote: >> >>> It matters in X.509 certificates because the basic >>> encoding rules (BER) allow you to specify the same >>> thing in different ways. With DER, there is only >>> one way to encode every element, so everybody will >>> come up with the same string of bytes and hashes of >>> those strings will be the same, signatures will >>> verify, etc. >> >> Well, we have learned a few things since 1994. The DER rules are defined >> to allow a "re-encoding" workflow: >> >> * Sender side: prepare the message, encode with DER, sign the result >> >> * Receiver side: receive the message, parser with generic ASN.1 decoder, >> process the message using the "parsed" representation, re-encode with >> DER, check the signature. >> >> Experience showed that this workflow is very problematic, because the >> parse/reencode process may introduce subtle changes and the signature >> will fail. One may argue that these changes are due to implementation >> bugs, but fact it that this is a rich environment for growing bugs. >> Based on experience, the receiver side is better done as: >> >> * Receiver side: receive the message, save it, parse and process, and >> when it is time to verify the signature go back to the original message >> and check the signature. > Examining signed data ahead of verification, particularly to determine > what should have signed it, is fraught with issues. In particular > parser errors that would only be exploitable by trusted parties become > exploitable by anyone. Furthermore, you should know the expected > signer ahead of time. That this isn't possible in X509 due to > inordinate flexibility is one of many pitfalls for implementors. This > sort of issue periodically leads to authentication bypasses and other > such fun. A strong +1 to this. > > Sincerely, > Watson Ladd > > > > -- > Astra mortemque praestare gradatim > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] PR#28: Converting cTLS to QUIC-style varints Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Marten Seemann
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Martin Thomson
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Marten Seemann
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Christian Huitema
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Rob Sayre
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Hannes Tschofenig
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Martin Thomson
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Christian Huitema
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Nick Harper
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Martin Thomson
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Nick Harper
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Christian Huitema
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Peter Gutmann
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Watson Ladd
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Mohit Sethi M
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Anders Rundgren
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Mohit Sethi M
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Michael D'Errico
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Salz, Rich
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Hannes Tschofenig
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Eric Rescorla
- Re: [TLS] PR#28: Converting cTLS to QUIC-style va… Mohit Sethi M