[TLS] TLS Flags Open Question

Yoav Nir <ynir.ietf@gmail.com> Sat, 05 December 2020 15:05 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0373B3A0CF2 for <tls@ietfa.amsl.com>; Sat, 5 Dec 2020 07:05:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vtVgJuZN5t1y for <tls@ietfa.amsl.com>; Sat, 5 Dec 2020 07:05:07 -0800 (PST)
Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3824A3A0CEF for <tls@ietf.org>; Sat, 5 Dec 2020 07:05:07 -0800 (PST)
Received: by mail-ej1-x633.google.com with SMTP id b9so2701140ejy.0 for <tls@ietf.org>; Sat, 05 Dec 2020 07:05:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:message-id:date:to; bh=RcRQ7EQL+5kR8KxGo9rxtJf5X4XOFRftFQAXKUUjt0s=; b=O+GAyApADuhinQ6Agt4x3nxgwoXg4khC9GhNBSHFD6DnIzCUJqK9542khP++R4EKGq 0cwX2d8PIgNNHya3+HAJNUR436sS7pQ0Uv0UV6Y0eyzsWwA7WhGQuDSBz8BoPDKXwarH 0ippb7O6Yadd+eyr0CEfWziWJXP7/yr/6qEiG27PQgfIyCyYuRxWYxoGl0TUl54amoIf WZgRO36G4gwgDuEMwKSzqa1GldBcHAfP1Hcmyah/39ot/J70eiJmFLG1bBUKc3Zl9nnh w9lBZ+/FY0AnHVQpL63u0MFAcpwy79C6711q01eYZES8pEg5qgTt8QbOCC5SxCdf81Hu t4wg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=RcRQ7EQL+5kR8KxGo9rxtJf5X4XOFRftFQAXKUUjt0s=; b=fdQHAYRYSy+T4TLHvftUgQ7S4KvNz5wuwXVDIk320P3SfTuJJ92CNYDNvLYh4J+8i6 yE3nrV38EHSFn+/cHwbMtZMS/jkMiZC4UwQhawqHTr42jregQEOAw1KmBMo7+QMSJXrJ ABJzFILO86lmlzuoR6u7MdVyJUSZKvsXYyfxb+rRvZhlW9//AMlnatwFZiWkCo+oX9kO 4JEGHcaz1dKH7Xi9dWoF2vWUC6blfzNrB+lP7zU1jZTFCaKbiuDXzf5XqRfs2LD44f8N 240C1AI8k+M24uIiZho6WpQQWcS6Wj383yShBtddBNQ4MGp3JNephWFVyjPTwMbbiAaU g+5A==
X-Gm-Message-State: AOAM530fu4dPH0sXYUXQ+yQaNQsR7D61vzaDk02V7Bs4Ue068izv5hd/ QXlMLSZKNiyY6sIxpj1F9u9JF8LjDQOHeQ==
X-Google-Smtp-Source: ABdhPJyknOU0VSOwcRLkzyG8C4jxTLSA4nFWm9gqJcjDPG4/jNYsukwI+GAjW0AHhNipZu0LC862Cg==
X-Received: by 2002:a17:906:aacd:: with SMTP id kt13mr11500005ejb.527.1607180704961; Sat, 05 Dec 2020 07:05:04 -0800 (PST)
Received: from [192.168.1.15] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id u26sm5696377edo.37.2020.12.05.07.05.02 for <tls@ietf.org> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 05 Dec 2020 07:05:03 -0800 (PST)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_8F57BAEE-0309-4950-B1CA-655190096898"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.20.0.2.21\))
Message-Id: <D83A814D-F420-47A2-8F80-BD68988F97F8@gmail.com>
Date: Sat, 5 Dec 2020 17:04:58 +0200
To: "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: Apple Mail (2.3654.20.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/C_bPE4BtdpIV3FzacXj1aRKRVcI>
Subject: [TLS] TLS Flags Open Question
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 15:05:09 -0000

Hi.

At IETF 108 a question was raised about The TLS Flags extension.  What  payloads on the server side can include this extension?

The “candidates” are ServerHello, EncryptedExtensions, Certificate, and NewSessionTicket.

The only one that is controversial here (I think) is ServerHello, because it is not encrypted.  Looking at the current list of extensions, I see that only 6 can go in ServerHello:
password_salt
tls_cert_with_extern_psk
supported_ekt_ciphers
pre_shared_key
supported_versions
key_share

Of those, only one would be (if it hadn’t already been standardized) a candidate for the TLS-Flags extension: tls_cert_with_extern_psk.  The RFC describes it with “The “tls_cert_with_extern_psk" extension is essentially a flag to use the external PSK in the key schedule”.  I don’t think it’s unreasonable to think that at some point there’s going to be another flag-like extension that will need to be signalled in ServerHello.

So the question for the group is, do we allow the flags extension (and the flags themselves) to be in ServerHello, or do we prohibit them for now, and if ever an extension does need to signal in ServerHello, it can update the TLS-Flags RFC at that time?

My vote would be to allow it in all places, and trust the process not to place flags that should be encrypted in payloads that aren’t, but either way, we need working group consensus.

Thanks

Yoav