Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]
Ion Larranaga Azcue <ilarra@s21sec.com> Sun, 01 April 2018 10:00 UTC
Return-Path: <ilarra@s21sec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D04AA120727; Sun, 1 Apr 2018 03:00:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level:
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tlPuCncBHsPI; Sun, 1 Apr 2018 03:00:56 -0700 (PDT)
Received: from mail.ssi.pt (mail1.ssi.pt [195.23.55.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7F2C1205D3; Sun, 1 Apr 2018 03:00:55 -0700 (PDT)
From: Ion Larranaga Azcue <ilarra@s21sec.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, Eric Rescorla <ekr@rtfm.com>
CC: General Area Review Team <gen-art@ietf.org>, "Dale R. Worley" <worley@ariadne.com>, IETF discussion list <ietf@ietf.org>, "draft-ietf-tls-tls13.all@ietf.org" <draft-ietf-tls-tls13.all@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]
Thread-Index: AQHTyPZh/Bj0e6slEEedOHrlGtKOJKPrUiUAgAA5pSD///RaAIAALNwQgAABZWY=
Date: Sun, 01 Apr 2018 10:00:53 +0000
Message-ID: <1522576853459.77882@s21sec.com>
References: <CABcZeBNB50jY1odzgVZVKqn8F7TCj1b+A_95yG6f=Nde0KVv+g@mail.gmail.com>, <1522560535687.32559@cs.auckland.ac.nz>, <1522569526813.65723@s21sec.com>, <1522570413761.44728@cs.auckland.ac.nz>,<1522576530994.95464@s21sec.com>
In-Reply-To: <1522576530994.95464@s21sec.com>
Accept-Language: es-ES, pt-PT, en-US
Content-Language: es-ES
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.228.250.16]
x-exclaimer-md-config: 006f0bbf-7968-42ed-bdf3-292cea52a85c
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FQ3Jvwgu6BcIFbgiqYPgaQ3-Xk0>
Subject: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Apr 2018 10:00:58 -0000
Anyway, I don't mean I'm against the idea of the extended errors extensions... Only that let's not take it lightly. It can be a good debugging tool but also a risky one. ________________________________________ De: TLS <tls-bounces@ietf.org> en nombre de Ion Larranaga Azcue <ilarra@s21sec.com> Enviado: domingo, 1 de abril de 2018 11:55 Para: Peter Gutmann; Eric Rescorla Cc: General Area Review Team; Dale R. Worley; IETF discussion list; draft-ietf-tls-tls13.all@ietf.org; <tls@ietf.org> Asunto: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24] Of course not. I mean an attacker who is specially interested in this server and knows that someone has requested a debug window on it. ________________________________________ De: Peter Gutmann <pgut001@cs.auckland.ac.nz> Enviado: domingo, 1 de abril de 2018 10:14 Para: Ion Larranaga Azcue; Eric Rescorla Cc: IETF discussion list; General Area Review Team; draft-ietf-tls-tls13.all@ietf.org; Dale R. Worley; <tls@ietf.org> Asunto: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24] Ion Larranaga Azcue <ilarra@s21sec.com> writes: >And for the malicious user that, knowing the server is currently in debug >mode and returning extended errors, can more easily perform attacks on it... If there's someone on the Internet who can scan every TLS server on the planet once a minute to see a brief debug window open up, and then perform something like a million-message-attack using a single debug message, then they're kinda wasting their abilities in attacking TLS servers... Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Expanded alert codes. [Was Re: Genart last … Eric Rescorla
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Peter Gutmann
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Ion Larranaga Azcue
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Peter Gutmann
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Ion Larranaga Azcue
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Ion Larranaga Azcue
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Eric Rescorla
- Re: [TLS] Expanded alert codes. [Was Re: Genart l… Dale R. Worley
- Re: [TLS] Expanded alert codes Peter Gutmann
- Re: [TLS] Expanded alert codes Ion Larranaga Azcue
- Re: [TLS] Expanded alert codes Peter Gutmann
- Re: [TLS] Expanded alert codes Hubert Kario
- Re: [TLS] Expanded alert codes Eric Rescorla