IETF Logo Mail Archive

Re: [TLS] Connection ID Draft

Nikos Mavrogiannopoulos <nmav@redhat.com> Fri, 13 October 2017 06:21 UTC

Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DC4F1345A7 for <tls@ietfa.amsl.com>; Thu, 12 Oct 2017 23:21:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ELlCE8UCXQbn for <tls@ietfa.amsl.com>; Thu, 12 Oct 2017 23:21:11 -0700 (PDT)
Received: from mail-wm0-f53.google.com (mail-wm0-f53.google.com [74.125.82.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 088C2134519 for <tls@ietf.org>; Thu, 12 Oct 2017 23:21:10 -0700 (PDT)
Received: by mail-wm0-f53.google.com with SMTP id l68so18728437wmd.5 for <tls@ietf.org>; Thu, 12 Oct 2017 23:21:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=GhdR2Ym9zuU6vjUlDr1LdLRnYIkVZxkjbBrOdlo2PX4=; b=RNxe/7Udd3ev/ASAlTQin2bYm8NJ9KXeuhmnYUcG/5vWJkF573ZGxuO/3vaJyqdPjd /mfSe5VvYobDKXHNVvewGoWtkr8cGN6P+KDiEsGCHrYpuls9CKbRXcroaHoIWq+378mC hpWDZAEaqlbu+o3fcidmjnIa5eznAuFUfPDOxc4yWulDMdA5jdSnWvihFj9O40G/DdVN h8a3Q6/t2HTfhbGJgLvUNncwo6Hv8tJ3/wWSjMpt6SMkxEE7EP9d0GLxpB40/7xtAZRI 3T1mhUpbeCkF/2hqy7IXwIvMCB7rs+BaMStKPWcusJT6InQtCuD0CAYhx1eh5IouGLPO odFQ==
X-Gm-Message-State: AMCzsaUDxCA3azOqLbkL1pX5OLCL1CwSStt8hZaVAQaAJwaj24+T4inm YJaUEiGsRLFtepl/3sHpwOkCVUCbcJo=
X-Google-Smtp-Source: ABhQp+RNQcp45vY2BKfYP1TrWYl0zkSatqojTCWnzfe/cHDHfyqflnQfXthgI4XZJWK/z0Rl0uC5KA==
X-Received: by 10.28.111.206 with SMTP id c75mr508340wmi.123.1507875669184; Thu, 12 Oct 2017 23:21:09 -0700 (PDT)
Received: from dhcp-10-40-1-102.brq.redhat.com ([2a02:214d:8007:2600:c819:dbd5:903d:344d]) by smtp.gmail.com with ESMTPSA id r1sm565551wrr.56.2017.10.12.23.21.07 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 12 Oct 2017 23:21:08 -0700 (PDT)
Message-ID: <1507875665.3178.19.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>, "tls@ietf.org" <tls@ietf.org>
Date: Fri, 13 Oct 2017 08:21:05 +0200
In-Reply-To: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com>
References: <CABcZeBPXB6cOSztzDHtKSWUCJrgET+9cF_rAiiE8CYCUSY_uLA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.24.6 (3.24.6-1.fc26)
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/K0N_bI7jcEcma5rC36-0guSE2xM>
Subject: Re: [TLS] Connection ID Draft
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Oct 2017 06:21:13 -0000

On Thu, 2017-10-12 at 16:13 -0700, Eric Rescorla wrote:
> Hi folks,
> 
> I have just posted a first cut at a connection ID draft.
> https://tools.ietf.org/html/draft-rescorla-tls-dtls-connection-id-00

I believe the major issue with that is the fact that the record packet
format changes, but there is no way for a party in between to be able
to determine the record packet format without keeping session state.
Think not only of middle boxes, but of super-servers which may receive
of a stray udp packet which they have to forward to the appropriate
server [0]. With that change, they cannot figure whether the packet
contains the CID or not in a deterministic way for a random CID.

One can hack around that limitation by providing a CID which starts
with 0xffff which is an illegal size currently for TLS or DTLS, but
would have to worry with future extensions to the protocol which may
increase the maximum size.


Another worrying feature is that the client can make the server send up
to 255 verbatim bytes on the wire of his choice. Why was this feature
added? Are there use cases related with it (intro doesn't mention any),
or it was only thought as a make it as generic as possible approach? If
it is the latter, I'd recommend to provide a simple approach that
covers the described use cases.

The same argument applies to the server being able to set such a long
sequence of verbatim bytes to each of the client packets.

regards,
Nikos

[0]. That was exactly my use case for introducing the CID info, as in
openconnect server, the super-server receives the stray UDP packets
arriving after a NAT disassociates existing connections.

v2.23.0 | Report a Bug | By Email