IETF Logo Mail Archive

Re: [TLS] close_notify and TLS 1.3

David Schinazi <dschinazi@apple.com> Sun, 12 November 2017 01:24 UTC

Return-Path: <dschinazi@apple.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF73128B88 for <tls@ietfa.amsl.com>; Sat, 11 Nov 2017 17:24:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5vgDBUudCzo4 for <tls@ietfa.amsl.com>; Sat, 11 Nov 2017 17:24:31 -0800 (PST)
Received: from mail-in2.asia.apple.com (mail-out.asia.apple.com [17.82.254.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57AD51271FD for <tls@ietf.org>; Sat, 11 Nov 2017 17:24:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1510449868; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=1nki0P2+WRoNM4+JcahB//+mpYswXb4SFMZZKxkMJyI=; b=D1ypzUZLqVVQc1WX9NHlRrqZ4i7yoLXeowRWnaQ1nri+iYkqywq2XFYC6xP92auV S1nUo2NwXfRpapFUID6uKkwP8nfOI4FHo6NmPRnwU8v3lJRhgwobYgPOKScojhhh 01HdWsAD9LbtMLWSFRCoHI7N+elQOHHqFjEt/caVVMJWpX6Eeo0w5ZFawh2GGJ3k OgQRS1xholjoOH9M0ipQ90kreW5e48zE5Bs4dkIItTRIi7F2fS+oPjqBAGJ4jKhJ AqYyCGyBogLH1dkf2ZFbI+e2RwqnhGzRdM4cDudLXlnv5bKqqiJPBv7D2H4LRnBw s999Kz1JHFcftikd27yeQw==;
Received: from relay2.asia.apple.com ( [17.82.200.16]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail-in2.asia.apple.com (Apple Singapore Mail Gateway) with SMTP id 91.20.05091.CC2A70A5; Sun, 12 Nov 2017 09:24:28 +0800 (MYT)
X-AuditID: 1152fe06-5e5ff700000013e3-50-5a07a2cc7810
Received: from mmp3.asia.apple.com ( [17.84.76.250]) by relay2.asia.apple.com (Apple Singapore relay) with SMTP id 39.60.31851.CC2A70A5; Sun, 12 Nov 2017 09:24:28 +0800 (MYT)
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_G0vADIm6elDlz6QiWbIMQw)"
Received: from [IPv6:2001:67c:370:1998:e0f4:6d59:e5c5:47fd] (nat64-46.meeting.ietf.org [31.130.238.70]) by mmp3.asia.apple.com (Oracle Communications Messaging Server 8.0.1.3.20170825 64bit (built Aug 25 2017)) with ESMTPSA id <0OZA00EGZ6KRJE20@mmp3.asia.apple.com>; Sun, 12 Nov 2017 09:24:28 +0800 (SGT)
Sender: dschinazi@apple.com
From: David Schinazi <dschinazi@apple.com>
Message-id: <EA54B9E6-A6A2-447D-B7CF-ADF5F9D07966@apple.com>
Date: Sun, 12 Nov 2017 09:24:28 +0800
In-reply-to: <CABcZeBPHGNHBtx4c3=jPS8-PJDHF3E608KoDswJucbaiFFkYwg@mail.gmail.com>
Cc: David Benjamin <davidben@chromium.org>, "tls@ietf.org" <tls@ietf.org>
To: Eric Rescorla <ekr@rtfm.com>
References: <A6C599ED-3F3D-462F-9B39-1FEF6A0B549B@apple.com> <CABkgnnU3OuzEm2gF6BYif4c0evAfzUYH-PpxoERD9xFEosQ_oQ@mail.gmail.com> <CAF8qwaB2fXoiy8RLdg9Kc+5xAoCgU2JkoHXw8H-xSsEXMWWgXg@mail.gmail.com> <CABcZeBPHGNHBtx4c3=jPS8-PJDHF3E608KoDswJucbaiFFkYwg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.1.6)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNLMWRmVeSWpSXmKPExsUiGHRCQPfMIvYog0MzDC12fzW1WPH6HLvF p/NdjA7MHrMbLrJ4LFnyk8lj8uM25gDmKC6blNSczLLUIn27BK6Ms6evsxScyajo+qfbwPgm oouRk0NCwERi7/0Wpi5GLg4hgZVMEnvbD7HBJL6eucgIkdjAKPH6WxMjSIJXQFDix+R7LCA2 s0CYxKlvd6CKdjFJfP73AaxbWEBaouvCXdYuRg4ONgEtiQNrjCB6bSQ2v3vKDlGiLbG+6SUT SAmLgKrEl39g4zkFgiVW/1nBBjHeU+Lbq01MILaIgILErz8nWCBWTWSSuP5gGzPEoYoSR2bO YQZJSAisYZM4POEc6wRGoVlIbp2F5NZZQPuYBdQlpkzJhQhrSzx5d4EVwlaTWPh7EROy+AJG tlWM4rmJmTm6mXlGeonFmYl6iQUFOal6yfm5mxjBUfKPbQfjgteGhxgFOBiVeHhPTGGPEmJN LCuuzD3EKMHBrCTCWyIEFOJNSaysSi3Kjy8qzUktPsQozcGiJM7bG/kpUkggPbEkNTs1tSC1 CCbLxMEp1cC4+9J6PYGjlzg27Ak/0e9uMMOD5W3CmyO3bZ4/vPtG7uO81l8SPcm6quuSYkW8 drbduPPP7PgG0QKD1uYlXw1mKzoZnQxvb0hfnKill2svcNza06p85W/16vIv8hOL3S7fZ2ER XMKzsrEnvVyi48/6Iwd0Dz77eIdJ7mi5JlPOmRaeWU05hf5KLMUZiYZazEXFiQB26Z0LjgIA AA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrMLMWRmVeSWpSXmKPExsUiGOLzS/fMIvYog7cbNCx2fzW1WPH6HLvF p/NdjA7MHrMbLrJ4LFnyk8lj8uM25gDmKC6blNSczLLUIn27BK6Ms6evsxScyajo+qfbwPgm oouRk0NCwETi65mLjF2MXBxCAhsYJV5/a2IESfAKCEr8mHyPBcRmFgiTOPXtDlTRLiaJz/8+ sIEkhAWkJbou3GXtYuTgYBPQkjiwxgii10Zi87un7BAl2hLrm14ygZSwCKhKfPkHNp5TIFhi 9Z8VbBDjPSW+vdrEBGKLCChI/PpzggVi1UQmiesPtjFDHKoocWTmHOYJjPyzkJw3C8l5s4BW MAuoS0yZkgsR1pZ48u4CK4StJrHw9yImZPEFjGyrGEWLUnMSK430EoszE/USCwpyUvWS83M3 MYKCOuiEwA7GWYcMDjEKcDAq8fCemMIeJcSaWFZcmXuIUYKDWUmEt0QIKMSbklhZlVqUH19U mpNafIhRmoNFSZxXM+pTpJBAemJJanZqakFqEUyWiYNTqoHRe1njx7RrCwOtytRmSJ3eObNu 8om0Vkul7UWXrzaVbwvwaZQXX7X736mtSg859GeuKwxmmDtx72LmV1ML1F96Hf3M/q9C5XJU 6u+Q2Xmc1T4CBxO9IoR4wne/YDj5k1Pv5qFbmy6HKh9Q29xruzytRaG4Kv9Dz5TafadD9kWJ x5yUbrg9//ZsJZbijERDLeai4kQAgTzWqWYCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FmJUc9OzVyzqo1ZbTZ-0fxdd9go>
Subject: Re: [TLS] close_notify and TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2017 01:24:34 -0000

Thanks for checking gents!

Would you like me to send a PR?

David


> On Nov 12, 2017, at 09:13, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> Initial inspection suggests that NSS behaves the same way, so I would be fine with this change.
> 
> -Ekr
> 
> 
> On Sat, Nov 11, 2017 at 3:46 PM, David Benjamin <davidben@chromium.org <mailto:davidben@chromium.org>> wrote:
> I think this change is a good idea.
> 
> Our implementation actually does this already anyway. We are happy to continue servicing writes even when the read half has consumed a close_notify. I believe we inherited this behavior from OpenSSL, so it should be there too. Go's crypto/tls implementation appears to also already do this.
> 
> We don't have a particular need for the half-close semantics that I know of, but I don't care for the current spec text (it requires yet another undesirable read/write sync point). Aligning with TCP's semantics is also generally a good default.
> 
> On Sat, Nov 11, 2017 at 11:18 PM Martin Thomson <martin.thomson@gmail.com <mailto:martin.thomson@gmail.com>> wrote:
> This seems like it might be worth looking at.  This seems to be
> something that harks back to SSL3 or even earlier.  We aren't going to
> make it so that you can rely on this behaviour, but we might be able
> to make it possible to half-close, which for new protocols using TLS
> could be hugely useful.
> 
> On Sat, Nov 11, 2017 at 5:21 PM, David Schinazi <dschinazi@apple.com <mailto:dschinazi@apple.com>> wrote:
> > Hello all,
> >
> > Currently TLS 1.3 specifies close_notify in the same way that TLS 1.2 did.
> > I believe that has issues and this might be the right time to fix them.
> > The purpose of close_notify is to protect against data truncation attacks,
> > each side is required to send close_notify before closing the write side of
> > the transport connection so the other side knows that the data was not
> > truncated.
> > As such, close_notify only needs half-close semantics to prevent truncation.
> >
> > However, the specification contains the following text:
> > << Each party MUST send a “close_notify” alert before closing the write side
> >     of the connection, unless some other fatal alert has been transmitted.
> >     The other party MUST respond with a “close_notify” alert of its own and
> > close
> >     down the connection immediately, discarding any pending writes. >>
> >
> > This means that an application-layer client can't send a query then close
> > their
> > write transport when they know that they're done, because the server would
> > terminate the TLS session before sending the reply. On top of this, when
> > the server receives the close_notify, it may have already sent part of the
> > reply
> > (or wrote it to the socket send buffer) so the responding close_notify would
> > in effect be inflicting a truncation attack on the client.
> >
> > This doesn't make much difference for HTTP because clients already
> > don't close their write transport after sending a reply, however having the
> > option do do this could allow innovation in new protocols that can define
> > the semantics of when they use close_notify. An example is DNS PUSH:
> > https://tools.ietf.org/html/draft-ietf-dnssd-push <https://tools.ietf.org/html/draft-ietf-dnssd-push>
> >
> > A proposal to solve this problem would be to give close_notify half-close
> > semantics: we keep the requirements that a close_notify be sent before
> > closing the transport, and that any data received after a close_notify is
> > ignored, but we simply remove the requirement to immediately reply
> > with a close_notify. This has the advantage that current implementations
> > are already compliant but future ones can leverage this improvement.
> >
> > What do you think? Is this worth discussing on Thursday?
> >
> > Thanks,
> > David Schinazi
> >
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org <mailto:TLS@ietf.org>
> > https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
> >
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org <mailto:TLS@ietf.org>
> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org <mailto:TLS@ietf.org>
> https://www.ietf.org/mailman/listinfo/tls <https://www.ietf.org/mailman/listinfo/tls>
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email