Re: [TLS] Sending fatal alerts over TCP

Marsh Ray <marsh@extendedsubset.com> Tue, 20 December 2011 18:12 UTC

Return-Path: <marsh@extendedsubset.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0F7721F85EF for <tls@ietfa.amsl.com>; Tue, 20 Dec 2011 10:12:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5hjcOgY+4zg for <tls@ietfa.amsl.com>; Tue, 20 Dec 2011 10:12:38 -0800 (PST)
Received: from mho-02-ewr.mailhop.org (mho-02-ewr.mailhop.org [204.13.248.72]) by ietfa.amsl.com (Postfix) with ESMTP id 4473A21F85A7 for <tls@ietf.org>; Tue, 20 Dec 2011 10:12:38 -0800 (PST)
Received: from xs01.extendedsubset.com ([69.164.193.58]) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.72) (envelope-from <marsh@extendedsubset.com>) id 1Rd4B3-000INY-Qv; Tue, 20 Dec 2011 18:12:37 +0000
Received: from [192.168.1.15] (localhost [127.0.0.1]) by xs01.extendedsubset.com (Postfix) with ESMTP id D4DC76067; Tue, 20 Dec 2011 18:12:35 +0000 (UTC)
X-Mail-Handler: MailHop Outbound by DynDNS
X-Originating-IP: 69.164.193.58
X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/mailhop/outbound_abuse.html for abuse reporting information)
X-MHO-User: U2FsdGVkX19+BhcOsy0iIAzwodCDFC3h0e53P7jF34Y=
Message-ID: <4EF0D014.1050907@extendedsubset.com>
Date: Tue, 20 Dec 2011 12:12:36 -0600
From: Marsh Ray <marsh@extendedsubset.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110921 Thunderbird/3.1.15
MIME-Version: 1.0
To: Florian Weimer <fweimer@bfk.de>
References: <82ehvzidu4.fsf@mid.bfk.de>
In-Reply-To: <82ehvzidu4.fsf@mid.bfk.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Sending fatal alerts over TCP
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Dec 2011 18:12:38 -0000

On 12/20/2011 07:15 AM, Florian Weimer wrote:
> TCP has the property that connection shutdowns can overtake application
> data if connections are used in full-duplex mode.
>
> Here's an example:
>
>    X sends a fatal TLS alert to Y
>    X shuts down the connection
>    Y sends data to X
>    X receives from Y, sends RST to signal data loss to Y

This would seem to be against the spirit of
http://tools.ietf.org/html/rfc793 (section 3.5. Closing a Connection) 
which says "Users must keep reading connections they close for sending 
until the TCP says no more data."

>    Y receives RST
>
> At this point, when Y tries to send further data, it will receive EPIPE
> from the sockets API.  When it tries to read data, it will receive
> ECONNRESET.  According to the socket API sepcification, there is no way
> to access the initial TLS alert.

My interpretation is that RSTs are generally to be avoided by 
properly-coded applications and a fatal TLS alert should not prevent the 
graceful close of the TCP socket.

I have heard of client apps that crash badly upon receiving an RST. 
(Alternatively this could be used to argue that they should be sent much 
more frequently, but that's another discussion :-)

- Marsh