Re: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"
"Dang, Quynh" <quynh.dang@nist.gov> Fri, 16 January 2015 20:04 UTC
Return-Path: <quynh.dang@nist.gov>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2B2F1ACEE4 for <tls@ietfa.amsl.com>; Fri, 16 Jan 2015 12:04:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v7iiXEyI04cE for <tls@ietfa.amsl.com>; Fri, 16 Jan 2015 12:03:57 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0758.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:758]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9B7F1ACEA5 for <tls@ietf.org>; Fri, 16 Jan 2015 12:03:56 -0800 (PST)
Received: from BN1PR09MB0258.namprd09.prod.outlook.com (25.160.80.19) by BN1PR09MB0259.namprd09.prod.outlook.com (25.160.80.20) with Microsoft SMTP Server (TLS) id 15.1.59.20; Fri, 16 Jan 2015 20:03:32 +0000
Received: from BN1PR09MB0258.namprd09.prod.outlook.com ([25.160.80.19]) by BN1PR09MB0258.namprd09.prod.outlook.com ([25.160.80.19]) with mapi id 15.01.0059.007; Fri, 16 Jan 2015 20:03:32 +0000
From: "Dang, Quynh" <quynh.dang@nist.gov>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"
Thread-Index: AQHQMaN2uE7AF8cZjk6SMXFDlBGPL5zC5FIBgAAPsgCAABMO9YAAB2aAgAAYltw=
Date: Fri, 16 Jan 2015 20:03:31 +0000
Message-ID: <1421438609022.41446@nist.gov>
References: <1421422017019.67267@nist.gov> <CABcZeBNOERvqWcxj2G1FBC5UL5fH_T+dJ53N0RYEgxKepnVJ6w@mail.gmail.com> <1421423478675.87032@nist.gov> <CALuAYvbOCTErh0hb93zok3DkYynx_Z=hbH_YGuZjXV-ZEJ-+Pg@mail.gmail.com> <1421431192333.70850@nist.gov>, <CABcZeBO3XuucggQyR9EXMCGyr+2BfgqxUatntC3md3_cFiXHvw@mail.gmail.com>
In-Reply-To: <CABcZeBO3XuucggQyR9EXMCGyr+2BfgqxUatntC3md3_cFiXHvw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [132.163.219.31]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-dmarcaction-test: None
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(3005004);SRVR:BN1PR09MB0259;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:;SRVR:BN1PR09MB0259;
x-forefront-prvs: 04583CED1A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(377454003)(24454002)(199003)(189002)(50986999)(76176999)(92566002)(117636001)(2351001)(105586002)(19625215002)(106356001)(106116001)(2501002)(46102003)(101416001)(36756003)(93886004)(54356999)(19580405001)(64706001)(87936001)(99286002)(2656002)(86362001)(68736005)(2950100001)(19580395003)(102836002)(110136001)(2900100001)(122556002)(97736003)(40100003)(16236675004)(77156002)(19627405001)(62966003)(66066001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1PR09MB0259; H:BN1PR09MB0258.namprd09.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; A:1; MX:3; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
Content-Type: multipart/alternative; boundary="_000_142143860902241446nistgov_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jan 2015 20:03:31.9488 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR09MB0259
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/FDiEgU4jJc9mHdGpEiqBmo1bG44>
Subject: Re: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2015 20:04:01 -0000
How about replacing the following text in Section 7.3.2
"Meaning of this message:
This message contains the client's cryptographic parameters for
zero or more key establishment methods.
Structure of this message:
struct {
NamedGroup group;
opaque key_exchange<1..2^16-1>;
} ClientKeyShareOffer;
group The named group for the key share offer. This identifies the
specific key exchange method that the ClientKeyShareOffer
describes. Finite Field Diffie-Hellman parameters are described
in Section 7.4.2.1; 7.3.2.1; Elliptic Curve Diffie-Hellman parameters are
described in Section 7.4.2.2. 7.3.2.2.
key_exchange Key exchange information. The contents of this field
are determined by the value of NamedGroup entry and its
corresponding definition.
struct {
ClientKeyShareOffer offers<0..2^16-1>;
} ClientKeyShare;
offers
A list of ClientKeyShareOffer values."
by the following text?
"
Meaning of this message: This message contains the client's cryptographic parameters for zero or more groups for key establishment it supports. The client indicates which group(s) it supports in the "supported_groups" extension (Section 7.3.2.5.2). This message contains a "ClientKeyShare" value specified below.
Structure of each client key share for a particular group:
struct {
NamedGroup group;
opaque key_exchange;
} ClientKeyShareOffer;
group The named group for the key share offer. This identifies the
specific key exchange method that the ClientKeyShareOffer
describes. Finite Field Diffie-Hellman parameters are described
in Section 7.3.2.1; Elliptic Curve Diffie-Hellman parameters are
described in Section 7.3.2.2.
key_exchange Key exchange information. The contents (and the length) of this field
are determined by the value of NamedGroup entry and its corresponding definition.
Structure of a "ClientKeyShare" message:
struct {
ClientKeyShareOffer offers<0..2^16-1>;
} ClientKeyShare;
offers A list of ClientKeyShareOffer values.?
"
If the group finds that the proposed text is clearer than the current text, I will do a pull request.
Quynh.
________________________________
From: Eric Rescorla <ekr@rtfm.com>
Sent: Friday, January 16, 2015 1:18 PM
To: Dang, Quynh
Cc: Henrik Grubbström; tls@ietf.org
Subject: Re: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"
On Fri, Jan 16, 2015 at 9:59 AM, Dang, Quynh <quynh.dang@nist.gov<mailto:quynh.dang@nist.gov>> wrote:
Hi Eric and Henrik,
That would be fine. I just read the description of the "Client Key Share Message" again, It does not reflect the intent (to me); I found the description confusing, not clear.
That's too bad. If you have some editorial improvements, a pull request would
be appreciated.
Best,
-Ekr
Quynh.
________________________________________
From: Henrik Grubbström <grubba@gmail.com<mailto:grubba@gmail.com>>
Sent: Friday, January 16, 2015 11:44 AM
To: Dang, Quynh
Cc: Eric Rescorla; tls@ietf.org<mailto:tls@ietf.org>
Subject: Re: [TLS] Singular or multiple NamedGroup(s) in the "HelloRetryRequest"
On Fri, Jan 16, 2015 at 4:51 PM, Dang, Quynh <quynh.dang@nist.gov<mailto:quynh.dang@nist.gov>> wrote:
> If a client offers all of the options it supports and a server sends back
> one group out of these options, it would guarantee a failure.
It seems you've misunderstood; the client announces all named groups
that it supports in the named_group extension, but usually only
provides a subset of these in its ClientKeyShare message. Thus the
server can ask for a named group that the client supports but hasn't
provided a key share for in its HelloRetry.
/grubba
--
Henrik Grubbström grubba@grubba.org<mailto:grubba@grubba.org>
Roxen Internet Software AB grubba@roxen.com<mailto:grubba@roxen.com>
- [TLS] Singular or multiple NamedGroup(s) in the "… Dang, Quynh
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Eric Rescorla
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Dang, Quynh
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Paul Hoffman
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Eric Rescorla
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Eric Rescorla
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Henrik Grubbström
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Dang, Quynh
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Eric Rescorla
- Re: [TLS] Singular or multiple NamedGroup(s) in t… Dang, Quynh