IETF Logo Mail Archive

Re: [TLS] Server validation of a second ClientHello

Hubert Kario <hkario@redhat.com> Wed, 13 February 2019 19:37 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4163012E036 for <tls@ietfa.amsl.com>; Wed, 13 Feb 2019 11:37:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T6D21NzmbjmQ for <tls@ietfa.amsl.com>; Wed, 13 Feb 2019 11:37:44 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF752129532 for <tls@ietf.org>; Wed, 13 Feb 2019 11:37:44 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8113789AD9; Wed, 13 Feb 2019 19:37:43 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.83]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5F01C5D9C6; Wed, 13 Feb 2019 19:37:42 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Martin Thomson <mt@lowentropy.net>, "<tls@ietf.org>" <tls@ietf.org>
Date: Wed, 13 Feb 2019 20:37:41 +0100
Message-ID: <3869497.s3jJ9zoz9Q@pintsize.usersys.redhat.com>
In-Reply-To: <CABcZeBOWu9_DLqRUqROjPR7MViDcdeWWuooCf=uWGKkt+TKhLQ@mail.gmail.com>
References: <1549596678.898774.1653407000.2B2ACE8E@webmail.messagingengine.com> <1676094.U5iVg0WcKh@pintsize.usersys.redhat.com> <CABcZeBOWu9_DLqRUqROjPR7MViDcdeWWuooCf=uWGKkt+TKhLQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3141772.xzWd99NtH6"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 13 Feb 2019 19:37:43 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/G4uiD04ynIFoGWJJdd9a6yr9Fgk>
Subject: Re: [TLS] Server validation of a second ClientHello
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2019 19:37:47 -0000

On Wednesday, 13 February 2019 20:01:10 CET Eric Rescorla wrote:
> On Wed, Feb 13, 2019 at 10:23 AM Hubert Kario <hkario@redhat.com> wrote:
> > On Wednesday, 13 February 2019 17:31:52 CET Eric Rescorla wrote:
> > > On Wed, Feb 13, 2019 at 7:39 AM Hubert Kario <hkario@redhat.com> wrote:
> > > > On Wednesday, 13 February 2019 15:39:03 CET Eric Rescorla wrote:
> > > > > I'n not sure I understand your question, but I'll try to answer what
> > 
> > I
> > 
> > > > > think it says.
> > > > > 
> > > > > 1. I do think that whether you continue the connection or abort it
> > 
> > is an
> > 
> > > > > implementation decision and I think that the way the spec is written
> > > > > says
> > > > > that.
> > > > > 2. I think the spec leaves open whether you should use the first or
> > > > > second
> > > > > values, but I think implementations should use the second value.
> > > > > It's
> > > > > not
> > > > > clear why one would want to use the first.
> > > > 
> > > > because you have already parsed, verified and sanity-checked the first
> > > > hello,
> > > > you already decided what kind of parameters will the connection use
> > > > and
> > > > you're
> > > > expecting just the values that can change to change and ignoring
> > > > everything
> > > > else, thus not wasting cycles on verifying the extensions twice...
> > > > 
> > > > so it's not clear to me why you'd ever want to use the second one
> > > 
> > > Well, clearly views differ on this, then.
> > 
> > yes, that was my point, and the reason why I'd like to see clarification
> > or
> > agreement on expected behaviour
> > 
> > 
> > so if my understanding is correct, to do that, we would need to agree on a
> > new
> > RFC that clarifies such issues
> 
> I'm not so sure.

I said "I'd like", yes, I am aware that not everybody shares my views on those 
topics, but *if* we reach a conclusion and decide to update/clarify RFC 8446, 
it would require publishing a new RFC (depending on intrusiveness of it, it 
may be just "Informational" or it may need to be "Standards Track", with 
everything that it entails), wouldn't it?
 
> - I don't think that the specification ought to require checking and/or not
> checking.
> - I don't think it should require using the first CH, and unsure whether we
> should require use of the second CH, but it doesn't sound like there's
> consensus on that.

it all depends on your threat model, if leaking information which kind of 
implementation you are running is useful information to the attacker, then 
having multiple implementations that are indistinguishable on protocol level 
may be very desirable

and in this specific example of record_size_limit, lack of agreement over 
extension from which Client Hello takes precedence will easily lead to 
interoperability failures

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

v2.23.0 | Report a Bug | By Email