Re: [TLS] Connection ID in TLS

Benjamin Kaduk <kaduk@mit.edu> Tue, 20 March 2018 23:57 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96CFF1205F0 for <tls@ietfa.amsl.com>; Tue, 20 Mar 2018 16:57:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.789
X-Spam-Level:
X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_SUMOF=5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LLIJK271-VOQ for <tls@ietfa.amsl.com>; Tue, 20 Mar 2018 16:57:48 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 319DB1200B9 for <TLS@ietf.org>; Tue, 20 Mar 2018 16:57:48 -0700 (PDT)
X-AuditID: 1209190e-b47ff70000003980-d0-5ab19ffa6ee2
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 40.29.14720.BFF91BA5; Tue, 20 Mar 2018 19:57:47 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w2KNvjXh027707; Tue, 20 Mar 2018 19:57:46 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w2KNvgV4025790 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 20 Mar 2018 19:57:44 -0400
Date: Tue, 20 Mar 2018 18:57:42 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: John Mattsson <john.mattsson@ericsson.com>
Cc: Stephen Checkoway <s@pahtak.org>, "TLS@ietf.org" <TLS@ietf.org>
Message-ID: <20180320235742.GW55745@kduck.kaduk.org>
References: <1C32782E-02E4-4743-9E26-E5C0593C1BCF@ericsson.com> <6964A867-2406-4190-AFFE-E52C15A10A8A@pahtak.org> <EF62879E-C621-4E51-8006-727328E69BF7@ericsson.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <EF62879E-C621-4E51-8006-727328E69BF7@ericsson.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprPKsWRmVeSWpSXmKPExsUixCmqrPt7/sYogyM/+SxOzdzNZPHm6CYm i0/nuxgdmD1+fb3K5rFkyU8mj65Fn1gCmKO4bFJSczLLUov07RK4Mrp+fWUvmCtW0Tt5G3sD 41WBLkZODgkBE4kFmy4zg9hCAouZJKbPMeli5AKyNzJKHFl/ghXCucoksaVjNxNIFYuAqsTd H+vZQWw2ARWJhm6IbhEBPYlTbS8ZQWxmAWeJSd+vsYDYwgLqEncONYDV8wJtmzbnHxvE0JWM EvdnnmGGSAhKnJz5hAWiWV3iz7xLQHEOIFtaYvk/DoiwvETz1tlg5ZwCDhL/f/1nBbFFBZQl 9vYdYp/AKDgLyaRZSCbNQpg0C8mkBYwsqxhlU3KrdHMTM3OKU5N1i5MT8/JSi3SN9XIzS/RS U0o3MYJDXZJvB+OkBu9DjAIcjEo8vBMkNkYJsSaWFVfmHmKU5GBSEuUNVAQK8SXlp1RmJBZn xBeV5qQWH2KU4GBWEuE9FAGU401JrKxKLcqHSUlzsCiJ87qbaEcJCaQnlqRmp6YWpBbBZGU4 OJQkeO2BMS0kWJSanlqRlplTgpBm4uAEGc4DNDwBpIa3uCAxtzgzHSJ/itGY48/Dl23MHDde vG5jFmLJy89LlRLn7QApFQApzSjNg5sGSlcS2ftrXjGKAz0nzHtyHlAVDzDVwc17BbSKCWhV 9swNIKtKEhFSUg2MvnUprLVT4t7t/F93UaFxeUhV/OzciaK3/rfuMWMOibAMSW+TvP57weyU gA+vz59aWyRz7+KvRxzL6kwZ1if/23Eiduf18s2/pi8+H3g2r+DgpW/2AhcynLhD0orSWCbf TjjS+q+ufK2sbYjZS8Octr6QgJNVigJ//4YfUD5W18R6Mbwz+kOwEktxRqKhFnNRcSIAq/Gi jDIDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ItZqjY1yXWfg77Imv9gsMQ4iY4Q>
Subject: Re: [TLS] Connection ID in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 23:57:49 -0000

The issue is that the "TLSCiphertext.length" is the same field as
the "uint16 length", so you are saying that this field has the value
of "cid_length plus itself", which is impossible in integers modulo
[a value larger than cid_length].  In the "formal" grammar, you'd
need to define a new field.

-Ben

On Tue, Mar 20, 2018 at 11:45:59PM +0000, John Mattsson wrote:
> Correct, I just copied pasted the length of the arrays, should be length = cid_length + encrypted_record.length.
> 
> The example was taken from draft-ietf-tls-tls13-27. If I understand correctly, It seems like the same circular definition is done there as well....
> 
> -----------------------------------------------------
>       struct {
>           ContentType opaque_type = application_data; /* 23 */
>           ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
>           uint16 length;
>           opaque encrypted_record[TLSCiphertext.length];
>       } TLSCiphertext;
> -----------------------------------------------------
> 
> Shouldn't this be...
> 
> -----------------------------------------------------
>       struct {
>           ContentType opaque_type = application_data; /* 23 */
>           ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
>           uint16 length;
>           opaque encrypted_record[encrypted_record.length];
>       } TLSCiphertext;
> -----------------------------------------------------
> 
> Does this mean the 
> ´╗┐On 2018-03-20, 19:29, "Stephen Checkoway" <s@pahtak.org>; wrote:
> 
>     
>     
>     > On Mar 20, 2018, at 11:38, John Mattsson <john.mattsson@ericsson.com>; wrote:
>     > 
>     > I think Connection ID is an important enabler for end-to-end security with (D)TLS. There seems to be important use cases for connection ID in TLS as well, see https://www.ietf.org/mailman/listinfo/atlas. At the Monday afternoon TLS session, it was stated that Connection ID in TLS was unemployable in the wild due to middleboxes. Couldn't that be solved by placing the cid field after the length field? E.g.
>     > 
>     >   struct {
>     >      ContentType opaque_type = application_data; /* 23 */
>     >      ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
>     >      uint16 length;
>     >      opaque cid[cid_length];               // New field
>     >      opaque encrypted_record[TLSCiphertext.length];
>     >   } TLSCiphertext;
>     > 
>     >   length  The sum of cid_length and TLSCiphertext.length
>     
>     This defines length in terms of itself since length is TLSCiphertext.length.
>     
>     -- 
>     Stephen Checkoway
>     
>     
>     
>     
>     
>     
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls