Re: [TLS] Suspicious behaviour of TLS server implementations

"Andreas Walz" <andreas.walz@hs-offenburg.de> Wed, 21 September 2016 09:45 UTC

Ok, thanks. This is close to my sense of it. Actually, I wasn't aware of the fact that
the TLS 1.3 draft now explicitly addresses this in the Presentation Language section:

     "Peers which receive a message which cannot be parsed according to the syntax
     (e.g., have a length extending beyond the message boundary or contain an
     out-of-range length) MUST terminate the connection with a "decoding_error" alert."

Cheers,
Andi


>>> Martin Thomson <martin.thomson@gmail.com> 09/21/16 9:25 AM >>>
On 21 September 2016 at 17:21, Andreas Walz
<andreas.walz@hs-offenburg.de> wrote:
> Do you see any argument why ignoring such trailing data would be acceptable
> (or even desirable)?

No.

Well, we exploited that to add extensions to the protocol once, so I
won't categorically rule it out, but in the case of
supported_groups/supported_curves, no good can come of ignoring
rubbish.  Of course, it's hard to point to this being harmful as well
:)
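
The strict parsing rule quoted above, applied to the supported_groups extension the thread discusses, as an added example that is not part of the original messages or of any TLS implementation. The function names and sample bytes are constructed for illustration; 50 is the decode_error alert and 10 the supported_groups extension type.

```python
DECODE_ERROR = 50       # TLS AlertDescription decode_error
SUPPORTED_GROUPS = 10   # ExtensionType supported_groups (elliptic_curves)

class TLSDecodeError(Exception):
    """Point at which a strict peer sends a fatal decode_error alert."""

def read_vector(buf, offset, len_bytes):
    """Read one length-prefixed vector; return (body, offset after it)."""
    start = offset + len_bytes
    if start > len(buf):
        raise TLSDecodeError("truncated header or length field")
    length = int.from_bytes(buf[offset:start], "big")
    if start + length > len(buf):
        raise TLSDecodeError("length extends beyond the message boundary")
    return buf[start:start + length], start + length

def parse_supported_groups(extension_data):
    """Strictly parse the 2-byte-prefixed list of 2-byte group ids."""
    body, end = read_vector(extension_data, 0, 2)
    if end != len(extension_data):
        raise TLSDecodeError("trailing data after the group list")
    if len(body) < 2 or len(body) % 2:
        raise TLSDecodeError("out-of-range list length")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, len(body), 2)]

def parse_extensions(block):
    """Parse an extensions block into {extension_type: extension_data}."""
    body, end = read_vector(block, 0, 2)
    if end != len(block):
        raise TLSDecodeError("trailing data after the extensions block")
    found, offset = {}, 0
    while offset < len(body):
        # read_vector rejects a cut-off type/length header before it is used
        data, nxt = read_vector(body, offset + 2, 2)
        found[int.from_bytes(body[offset:offset + 2], "big")] = data
        offset = nxt
    return found

def strict_result(block):
    """Return ("ok", groups) or ("alert", 50) for an extensions block."""
    try:
        data = parse_extensions(block).get(SUPPORTED_GROUPS)
        return "ok", parse_supported_groups(data) if data is not None else []
    except TLSDecodeError:
        return "alert", DECODE_ERROR

# Constructed samples: groups 23 and 24, then the same list plus two stray bytes
GOOD = bytes.fromhex("000a" "000a0006" "0004" "0017" "0018")
TRAILING = bytes.fromhex("000c" "000a0008" "0004" "0017" "0018" "dead")
```

A lenient parser that stops after the declared list length would return the same two groups for both samples; the strict one accepts only the first.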