IETF Logo Mail Archive

Re: [TLS] comments on draft-ietf-tls-tls13-19

Nikos Mavrogiannopoulos <nmav@redhat.com> Sat, 22 April 2017 06:49 UTC

Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25B221287A7 for <tls@ietfa.amsl.com>; Fri, 21 Apr 2017 23:49:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.874
X-Spam-Level:
X-Spam-Status: No, score=-5.874 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_12_24=1.049, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fFo7MXfayj9G for <tls@ietfa.amsl.com>; Fri, 21 Apr 2017 23:49:55 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D49C5124BFA for <tls@ietf.org>; Fri, 21 Apr 2017 23:49:55 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 89BC7C21865A; Sat, 22 Apr 2017 06:49:54 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 89BC7C21865A
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=nmav@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 89BC7C21865A
Received: from ovpn-204-17.brq.redhat.com (ovpn-204-17.brq.redhat.com [10.40.204.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C564B6031D; Sat, 22 Apr 2017 06:49:53 +0000 (UTC)
Message-ID: <1492786351.14070.2.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
In-Reply-To: <CABcZeBMCZrVKM959F3ycKN_WAky2NAZTy9OOetnC+KJAj3L+Pw@mail.gmail.com>
References: <1490797726.28079.18.camel@redhat.com> <1490797957.28079.20.camel@redhat.com> <CABcZeBMCZrVKM959F3ycKN_WAky2NAZTy9OOetnC+KJAj3L+Pw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Fri, 21 Apr 2017 16:52:31 +0200
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Sat, 22 Apr 2017 06:49:54 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EYBuwWOqKrQ24BO3Kbhyb7fCYK0>
Subject: Re: [TLS] comments on draft-ietf-tls-tls13-19
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Apr 2017 06:49:58 -0000

On Tue, 2017-04-11 at 13:47 -0700, Eric Rescorla wrote:

> > 4.1.1. HelloRetryRequest how many times can it be re-sent by the
> > server? I assume only a single one, but it maybe good to make it
> > explicit.
> 
> This is forbidden in S 4.1.4.
> https://tlswg.github.io/tls13-spec/#hello-retry-request
> 
>    If a client receives a second HelloRetryRequest in the same
>    connection (i.e., where the ClientHello was itself in response to
> a
>    HelloRetryRequest), it MUST abort the handshake with an
>    “unexpected_message” alert.
>    
> Does this seem sufficient?

I must have missed it. Yes, it seems fine.

> > 4.4.2.1.  OCSP Status and SCT Extensions
> > This is a very nice addition to TLS 1.3. Something that I miss as
> an
> > implementer is guidelines on how to determine the (time) validity
> of an
> > OCSP stapled response. Here my point is that OCSP responses have
> > several fields optional (e.g., nextUpdate), which make a validation
> to
> > be hand-wavy. It would be nice to have a profile of OCSP responses
> that
> > would be recommended for use in TLS, as well or a recommendation of
> > what constitutes a "fresh" response for use in TLS.
> 
> Do you have any thoughts on what text we should insert here? I admit
> to being not that familiar with the practical matters of OCSP
> stapling.

My issue with OCSP when used under TLS was how to determine the
validity of the response when the nextUpdate field is missing. I've
added some text for that introducing an (arbitrary) upper limit at:
https://github.com/tlswg/tls13-spec/pull/974


> > 5.1. I miss a maximum number of alerts received per session, or
> some
> > other alert limiting mechanism (having CVE-2016-8610 in mind).
> 
> All alerts now result in connection termination, so the limit
> seems to implicitly be 1.

Nice.

> 
> 
> > 7.5. There is no definition of early_exporter_secret, and it is
> unclear
> > why it is even mentioned. In short how is this supposed to be used,
> and
> > why should implementations consider adding an interface to it?
> 
> It is defined in:
> https://tlswg.github.io/tls13-spec/#key-schedule
> 
> I added some text to explain why you would want it.

Thanks. There is a typo on that description "is define for use" -> "is
defined for use".

 
regards,
Nikos

v2.23.0 | Report a Bug | By Email