[TLS] ServerHello layout in TLS 1.3
Hannes Mehnert <hannes@mehnert.org> Sat, 12 December 2015 12:08 UTC
Return-Path: <hannes@mehnert.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA5651A7030 for <tls@ietfa.amsl.com>; Sat, 12 Dec 2015 04:08:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FV6JNlevDlUF for <tls@ietfa.amsl.com>; Sat, 12 Dec 2015 04:08:25 -0800 (PST)
Received: from mail.mehnert.org (mail.mehnert.org [213.73.89.200]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4563C1A7034 for <tls@ietf.org>; Sat, 12 Dec 2015 04:08:25 -0800 (PST)
Received: from [192.168.0.11] (cpc30-cmbg15-2-0-cust247.5-4.cable.virginm.net [86.4.51.248]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client CN "hannes@mehnert.org", Issuer "mehnert root CA" (not verified)) by mail.mehnert.org (Postfix) with ESMTPS id A294E19F6 for <tls@ietf.org>; Sat, 12 Dec 2015 13:08:22 +0100 (CET)
To: "tls@ietf.org" <tls@ietf.org>
From: Hannes Mehnert <hannes@mehnert.org>
Openpgp: id=11B5464249B5BD858FFF6328BC896588DF7C28EE
X-Enigmail-Draft-Status: N1110
Message-ID: <566C0E25.5080703@mehnert.org>
Date: Sat, 12 Dec 2015 12:08:05 +0000
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha384"; protocol="application/pgp-signature"; boundary="wGrkF2RVko0XO0xVpar5qXRuG5vNCECmR"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/DbYk_PuKk_aWmRG2HlJT1WrUnL8>
Subject: [TLS] ServerHello layout in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Dec 2015 12:08:27 -0000
Hi, while implementing the TLS 1.3 draft, I came across the modified ServerHello message - it does neither contain a SessionID nor a CompressionMethod field. This makes code which supports both TLS 1.3 and earlier versions more complicated*: a client sending out a ClientHello does not know which protocol version the server is willing to talk. Thus, depending on the protocol version inside of the server hello, the remainder of the packet needs to be parsed. I'm not sure whether it is worth to safe two bytes (empty SessionID and NULL CompressionMethod) to introduce such an intrinsic dependency. Is there a reason behind this change, apart from cleanup? Thanks, Hannes *: It is not hard to implement a conditional here, but it makes the control flow of the code unnecessary complex imho, especially since up to TLS-1.2 client and server hello can be parsed by the same function (modulo the list vs single ciphersuite and compression method, see https://github.com/mirleft/ocaml-tls/blob/99384104e09b21a736872854e0a69615a4545780/lib/reader.ml#L295-L327).
- [TLS] ServerHello layout in TLS 1.3 Hannes Mehnert
- Re: [TLS] ServerHello layout in TLS 1.3 Eric Rescorla
- Re: [TLS] ServerHello layout in TLS 1.3 Dave Garrett