IETF Logo Mail Archive

Re: [TLS] TLSFlags ambiguity

David Benjamin <davidben@chromium.org> Mon, 18 March 2024 07:36 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E0B4C14F693 for <tls@ietfa.amsl.com>; Mon, 18 Mar 2024 00:36:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.258
X-Spam-Level:
X-Spam-Status: No, score=-14.258 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hurPMgqqaugU for <tls@ietfa.amsl.com>; Mon, 18 Mar 2024 00:35:56 -0700 (PDT)
Received: from mail-yw1-x1134.google.com (mail-yw1-x1134.google.com [IPv6:2607:f8b0:4864:20::1134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7533FC151099 for <tls@ietf.org>; Mon, 18 Mar 2024 00:35:36 -0700 (PDT)
Received: by mail-yw1-x1134.google.com with SMTP id 00721157ae682-609f1f97864so43774227b3.0 for <tls@ietf.org>; Mon, 18 Mar 2024 00:35:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1710747335; x=1711352135; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=bM57E6KnT69IQmRdGp/JxHvylu9ak3/wpuG6cFkEKh8=; b=jcKbcOlimoqcaLZ4fHWF4qlHEbyhCunyQlP0kjkqtn/weGaJCjSPsIm2PdAZ2mQdy2 G77rSJfKJUum2QkCYS5zGMsKTOtTcQG9okxLR2zyFUaGeXSEI60OjreMduycb4RBPCjx EKY/Nft+19aZ8aBHu4+2unkf5gC7wcDR0FYnU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710747335; x=1711352135; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=bM57E6KnT69IQmRdGp/JxHvylu9ak3/wpuG6cFkEKh8=; b=Trv/Mjv94iySFbiB6MGf6d9lqAQE7ChARYqr98CKN3dU1K2lpeTvdME+PX1QALgnn6 c0WTAT7WYaC8NpKscT3vG6d2oTkWbRy+BcIy/nNUAlVS9T+XZ0F6Pungu7uhmlUTyXw5 rMyot5nEM9qqp9UnW3lSNVOyU/HXnJYlQLy7YO2q3FaQ44WUF2QfuPQVf8bnzmHZeZ82 8NHoloTOvxStU0zeqdOB98o9hiAaaArXHcxoonsjmM7nv5W2JCCDgsIxbL4VMikw8p19 QP7hJa2bK7rhd4vdhwhYja5M6SuvJOTsg/Fjd7agjxzM9W6nhlXwCkOnMMQJuU5vFcYG 5yrw==
X-Forwarded-Encrypted: i=1; AJvYcCXEsl41siySJTReFEQvthRqXpLw+UIHj8ZZ50lA8Lznhi1JR5fKJM6HLIj4eu9O3WuZG+mN22aCReA+qdE=
X-Gm-Message-State: AOJu0YywVKwdjyJJ+74J7FbOo6wjaviHGBMCbON161h1gOMxhw3uGHxY MJq8wm4TOI1LDgyN37nQc+IQY8bkU84iAtA2yJ4HZC2lMCqS/u9brD+u4uZSdsW+c05guxiBk/Z 2W1WH5Zd6e9e2ALDSVkXGYpC7FnZzya3C3IU=
X-Google-Smtp-Source: AGHT+IE1/s2besHfF3yzr0xRMZzZ2E0f3uprqg12kPIuQkricrTHomU7s3pkUZM+IvUhC7Xb1c6UjclFb0sjQj5jSCM=
X-Received: by 2002:a0d:e891:0:b0:60c:a16b:6797 with SMTP id r139-20020a0de891000000b0060ca16b6797mr9308121ywe.21.1710747335060; Mon, 18 Mar 2024 00:35:35 -0700 (PDT)
MIME-Version: 1.0
References: <CACykbs2EtsmB-V0BjgYeo4GNeUSnZ1jKo6eKQMOVMwsShPaw8w@mail.gmail.com> <CAF8qwaCWVf=D+A1XkcJ5vaYjZ9PduzrakN5jEe3toHNfgQ-Txw@mail.gmail.com> <CAF8qwaDKNDYC4G1nA1i=yMthzxVYez9U-LsQHvfDHB5eY==vRA@mail.gmail.com> <723EEC28-1AC1-493E-8F89-CDB2ABCF0A81@sn3rd.com>
In-Reply-To: <723EEC28-1AC1-493E-8F89-CDB2ABCF0A81@sn3rd.com>
From: David Benjamin <davidben@chromium.org>
Date: Mon, 18 Mar 2024 17:35:16 +1000
Message-ID: <CAF8qwaBPDcovuFpMXD-mnV+pfYtXOgg9SdE3Hww8f+degPUgfA@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Cc: Jonathan Hoyland <jonathan.hoyland@gmail.com>, Yoav Nir <ynir.ietf@gmail.com>, TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000035b1b90613ea6734"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/JYMAHTpFYbVv5cqw-D_D-Z317ZU>
Subject: Re: [TLS] TLSFlags ambiguity
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 07:36:00 -0000

Oh, perfect! I was trying to find the GitHub repo to make the PR but missed
it somehow. Here's a PR: https://github.com/tlswg/tls-flags/pull/37

On Mon, Mar 18, 2024 at 5:01 PM Sean Turner <sean@sn3rd.com> wrote:

> I just threw in a couple of PRs to align this I-D with 8446bis & 8447bis,
> but forgot to add this issue.  I have corrected this now so that we won’t
> forget again:
> https://github.com/tlswg/tls-flags/issues/36
>
> spt
>
> > On Mar 17, 2024, at 13:53, David Benjamin <davidben@chromium.org> wrote:
> >
> > Did this ever get resolved? I noticed that there was a draft-13 cut, but
> the issue Jonathan pointed out was still there.
> >
> > Looking at Section 2 again, it's actually even goofier than the original
> email suggests. Section 2 first says:
> >
> > > The FlagExtensions field contains 8 flags in each octet. The length of
> the extension is the minimal length that allows it to encode all of the
> present flags. Within each octet, the bits are packed such that the first
> bit is the least significant bit and the eighth bit is the most significant.
> >
> > This is LSB first. Then there's an example, which is also LSB first:
> >
> > > For example, if we want to encode only flag number zero, the
> FlagExtension field will be 1 octet long, that is encoded as follows:
> > >
> > >    00000001
> >
> > So that's all consistent. But then the last paragraph of section 2 says:
> >
> > > Note that this document does not define any particular bits for this
> string. That is left to the protocol documents such as the ones in the
> examples from the previous section. Such documents will have to define
> which bit to set to show support, and the order of the bits within the bit
> string shall be enumerated in network order: bit zero is the high-order bit
> of the first octet as the flags field is transmitted.
> >
> > This says it's MSB first for some reason. But this is not only
> inconsistent, but also redundant with the text at the start of section 2.
> It seems to me we could simply delete the redundant text and move on:
> >
> > > Note that this document does not define any particular bits for this
> string. That is left to the protocol documents such as the ones in the
> examples from the previous section. Such documents will have to define
> which bit to set to show support.
> >
> > David
> >
> > On Wed, Sep 27, 2023, 17:50 David Benjamin <davidben@chromium.org>
> wrote:
> > Nice catch! I agree those don't match. I think bit zero should be the
> least-significant bit. That is, we should leave the examples as-is and then
> fix the specification text.
> >
> > Ordering bits MSB first doesn't make much sense. Unlike bytes, there is
> no inherent order to bits in memory, so the most natural order is the power
> of two represented by the bit. Put another way, everyone accesses bit N by
> ANDing with 1 << N and that's least-significant bits first. I can think of
> a couple systems (DER, GCM) that chose to order bits most-significant first
> and both have caused endless confusion and problems. (It's particularly bad
> for GCM which is actually representing a polynomial, but then messed up the
> order. Let's not repeat this blunder.)
> >
> > On Fri, Sep 15, 2023 at 1:37 PM Jonathan Hoyland <
> jonathan.hoyland@gmail.com> wrote:
> > Hi TLSWG,
> >
> > I'm working on implementing the TLS Flags extension, and I just wanted
> to clarify a potential ambiguity in the spec.
> >
> > In Section 2 the spec says:
> > Such documents will have to define which bit to set to show support, and
> the order of the bits within the bit string shall be enumerated in network
> order: bit zero is the high-order bit of the first octet as the flags field
> is transmitted.
> >
> > And also gives the example for encoding bit zero:
> > For example, if we want to encode only flag number zero, the
> FlagExtension field will be 1 octet long, that is encoded as follows:
> >    00000001
> > In which it seems that the low-order bit of the first octet represents
> zero.
> >
> > I have no preference either way, but when transmitted on the wire,
> should flag 0 be transmitted as
> > 0x01 or 0x80?
> >
> > Regards,
> >
> > Jonathan
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls
>
>

v2.23.0 | Report a Bug | By Email