IETF Logo Mail Archive

Re: [TLS] TLS1.2 vs TLS1.0

"Kemp, David P." <DPKemp@missi.ncsc.mil> Thu, 23 May 2013 19:57 UTC

Return-Path: <DPKemp@missi.ncsc.mil>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCE1121F95D7 for <tls@ietfa.amsl.com>; Thu, 23 May 2013 12:57:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m1fpBF-8KLm4 for <tls@ietfa.amsl.com>; Thu, 23 May 2013 12:57:22 -0700 (PDT)
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by ietfa.amsl.com (Postfix) with ESMTP id 5118421F8EE8 for <tls@ietf.org>; Thu, 23 May 2013 12:18:18 -0700 (PDT)
Received: from clavin.missi.ncsc.mil (odysseus.missi.ncsc.mil [144.51.60.172]) by stingray.missi.ncsc.mil with ESMTP id r4NJIHrD029590 for <tls@ietf.org>; Thu, 23 May 2013 15:18:17 -0400 (EDT)
Received: from SQUID.missi.ncsc.mil ([fe80::e032:d4c7:c51f:85ec]) by odysseus.missi.ncsc.mil ([144.51.60.172]) with mapi id 14.03.0123.003; Thu, 23 May 2013 15:18:17 -0400
From: "Kemp, David P." <DPKemp@missi.ncsc.mil>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] TLS1.2 vs TLS1.0
Thread-Index: AQHOVZs53iDEMC3avE2NikpA/eST2pkP618AgAADxICAAAoOAIAAh5aAgAG2dYCAAAqqgIAA2xOA
Date: Thu, 23 May 2013 19:18:16 +0000
Message-ID: <5B1D7E570380A64989D4C069F7D14BC8880645BF@SQUID.missi.ncsc.mil>
References: <CABcZeBM+BpP8USk6MNMUp3NMYB8jgOcvB8+oKpQnte7AnFJAKQ@mail.gmail.com> <20130523005145.1C3DC1A76F@ld9781.wdf.sap.corp> <CABcZeBMJDfiHKgNcVHAHwi22PwX__JS8qo+5--vTBbcTo2hWAg@mail.gmail.com>
In-Reply-To: <CABcZeBMJDfiHKgNcVHAHwi22PwX__JS8qo+5--vTBbcTo2hWAg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [144.51.56.20]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [TLS] TLS1.2 vs TLS1.0
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 May 2013 19:57:37 -0000

There is no contradiction - in both sections a record with a bad MAC MUST be discarded.

4.1.2.1 specifies two subcases of discarding: do nothing else (silently discard) or discard then alert/terminate).  Those subcases do not conflict with 4.1.2.5.

I disagree with the SHOULD in 4.1.2.1, because that says the IETF disapproves of generating fatal alerts.  Unless there is good justification for saying applications SHOULD NOT alert and terminate, the SHOULD should be MAY.

Logging is independent of processing, not a third alternative.  Silently discard (with or without logging) is one processing action, and alert and terminate (with or without logging) is the other.  "Bad MAC discard without logging" is not a separate action from "Bad MAC discard with logging".  "Bad MAC discard" is a single action with some level (debug/info/error) that may or may not result in a log record being generated.

Dave

-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Wednesday, May 22, 2013 9:30 PM
To: mrex@sap.com
Cc: tls@ietf.org
Subject: Re: [TLS] TLS1.2 vs TLS1.0




On Wed, May 22, 2013 at 5:51 PM, Martin Rex <mrex@sap.com> wrote:


	Eric Rescorla wrote:
	> Martin Rex <mrex@sap.com> wrote:
	> >
	> > Paterson, Kenny wrote:
	> > >
	
	> > > True. Though the spec for DTLS does allow DTLS implementations to
	> > > terminate a connection in the event of errors.
	> > >
	> > > It's just that most (all?) implementations don't.
	> >
	> > Now that you mention it, I hadn't noticed that DTLS gives actual two
	> > _different_ guidances (MAY abort on MAC error and MUST discard records
	> > with MAC error are mutually exclusive)
	> >
	> > http://tools.ietf.org/html/rfc4347#section-4.1.2.1
	> >
	> >    4.1.2.1  MAC  (last paragraph):
	> >
	> >    In general, DTLS implementations SHOULD silently discard data with
	> >    bad MACs.  If a DTLS implementation chooses to generate an alert when
	> >    it receives a message with an invalid MAC, it MUST generate
	> >    bad_record_mac alert with level fatal and terminate its connection
	> >    state.
	> >
	> > http://tools.ietf.org/html/rfc4347#section-4.1.2.5
	> >
	> >    4.1.2.5  Anti-replay  (last paragraph):
	> >
	> >    If the received record falls within the window and is new, or if the
	> >    packet is to the right of the window, then the receiver proceeds to
	> >    MAC verification.  If the MAC validation fails, the receiver MUST
	> >    discard the received record as invalid.  The receive window is
	> >    updated only if the MAC verification succeeds.
	> >
	>
	> Hmm.... I'm not sure these are contradictory.
	>
	> If you get a packet with a MAC error you MUST discard the packet (i.e.,
	> not process it.) You may either *silently* discard it (i.e.., proceed as if
	> you had not received it) or terminate the connection with an alert.
	
	
	Silently discarding it     = proceed as if you had not received it
	
	non-silently discarding it = log an error and proceed as if you had not
	                             not received it
	
	Terminating the connection with an alert means "processing it".
	


Unsurprisingly, I don't agree with this interpretation.

-Ekr

v2.23.0 | Report a Bug | By Email