IETF Logo Mail Archive

Re: [TLS] First TLS cached information draft posted

Simon Josefsson <simon@josefsson.org> Fri, 05 June 2009 11:38 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BC7BA3A6CBA for <tls@core3.amsl.com>; Fri, 5 Jun 2009 04:38:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nwyxYOgim+BU for <tls@core3.amsl.com>; Fri, 5 Jun 2009 04:38:29 -0700 (PDT)
Received: from yxa-v.extundo.com (yxa-v.extundo.com [83.241.177.39]) by core3.amsl.com (Postfix) with ESMTP id 81C2F3A6BA8 for <TLS@ietf.org>; Fri, 5 Jun 2009 04:38:28 -0700 (PDT)
Received: from mocca.josefsson.org (c80-216-29-127.bredband.comhem.se [80.216.29.127]) (authenticated bits=0) by yxa-v.extundo.com (8.14.3/8.14.3/Debian-5) with ESMTP id n55BcO9G024881 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 5 Jun 2009 13:38:27 +0200
From: Simon Josefsson <simon@josefsson.org>
To: Stefan Santesson <stefan@aaa-sec.com>
References: <C64DD3D3.2714%stefan@aaa-sec.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:090605:tls@ietf.org::DcPCVVl5lPHNI9wR:EHFX
X-Hashcash: 1:22:090605:stefan@aaa-sec.com::tymxI0ax7Y2GLcsG:kP8B
Date: Fri, 05 Jun 2009 13:38:24 +0200
In-Reply-To: <C64DD3D3.2714%stefan@aaa-sec.com> (Stefan Santesson's message of "Thu, 04 Jun 2009 19:41:07 +0200")
Message-ID: <87fxeerjv3.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Cc: TLS wg <TLS@ietf.org>
Subject: Re: [TLS] First TLS cached information draft posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2009 11:38:30 -0000

Stefan Santesson <stefan@aaa-sec.com> writes:

> I have finally incorporated the agreed changes to what previously was called
> the cached certs extension, now changed to the cached information extension,
> and submitted the first (00) TLS draft.
>
> The draft is available from the following staging URL until it¹s made
> available as a TLS draft.
> http://www.ietf.org/proceedings/staging/draft-ietf-tls-cached-info-00.txt

I support this.  I've seen 40kb handshakes due to the server return a
list of acceptable CAs, and that has generated some interop problems
with GnuTLS [1].

The document appears to be in good shape.  I believe I could implement
the document if two (minor) concerns were resolved.

First, this paragraph:

   Servers that receive an extended client hello containing a
   "cached_information" extension, MAY indicate that they support one or
   more of the cached information objects by including an extension of
   type "cached_information" in the (extended) server hello, which SHALL
   contain at least one CachedObject received from the client.

The intention here appears under-specified.  What does it mean if the
client sent two CachedObject's and the server just returned one of them?
One plausible interpretation would be that the server did not support
the hash/type-combination that were not returned.  Enforcing that
interpretation is needed to resolve my second concern.

I suggest to add a sentence:

   The CachedObject's returned by the server MUST include the types the
   server supports and has accepted to replace with cached data.

Secondly, this paragraph:

   After negotiation of the use of cached certificates has been
   successfully completed (by exchanging hello messages including
   "cached_certs" extensions), the server MAY replace the cached
   information objects in its handshake messages with a corresponding
   hash_value from CachedInformationHash that was included in the
   cached_information extension of the server hello message.

Why a MAY here?  How would a client distinguish whether the server did
replace the data or not?  Why not use the extended server hello to
return the supported types (as suggested above)?  This appears to add
complexity for no particular reason, at least as far as I can
understand.

I suggest to replace MAY with MUST here.

Thanks,
/Simon

[1] GnuTLS refuses large handshakes due to DoS concerns, and we had to
increase the limit.

v2.23.0 | Report a Bug | By Email