Re: [TLS] Proposed text for removing renegotiation

Martin Thomson <martin.thomson@gmail.com> Thu, 19 June 2014 15:28 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31C2F1A026F for <tls@ietfa.amsl.com>; Thu, 19 Jun 2014 08:28:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qIfNdAwMg0l for <tls@ietfa.amsl.com>; Thu, 19 Jun 2014 08:28:21 -0700 (PDT)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com [IPv6:2a00:1450:400c:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 931801A026E for <tls@ietf.org>; Thu, 19 Jun 2014 08:28:21 -0700 (PDT)
Received: by mail-wg0-f50.google.com with SMTP id x13so2426999wgg.21 for <tls@ietf.org>; Thu, 19 Jun 2014 08:28:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=47ab3z24/LYqyuH8oZ3PmoR2KwkI0KpX7vfZ5Mhj2kI=; b=vJNkPEXPERQx7rWyU0HQH0UHavkJTFhgGgKUQSLwPZVFVwH8vWv2Ns3UziKys//LOE H0MDSpvACip/UtNdHjK6RKR3vSDmPRivRTSV2iv+mcq9dhGwwbKfkfusciPUIl1F+n60 KXL5XZxZKNXRhb9tBvA4+XZzvxXgDZ74Lp+s2wa5+zybWG/csHl9TEpS5pUUhxBrxRvL a0dNCmGdvBTRERxZos3ZnjudrOeOY8/io8rH7EbdReNDuVbfsxRakPneH0gwmFwRSRfi KWfFu4ogJEXm9JnJr2m3WAkS2JgEmpW+o1vr3DsCyIfv0RdjgjBjoHNjOqRXI/H3VEEy gOQQ==
MIME-Version: 1.0
X-Received: by 10.180.96.6 with SMTP id do6mr7562897wib.44.1403191700264; Thu, 19 Jun 2014 08:28:20 -0700 (PDT)
Received: by 10.194.51.134 with HTTP; Thu, 19 Jun 2014 08:28:20 -0700 (PDT)
In-Reply-To: <1403173608.5825.6.camel@dhcp-2-127.brq.redhat.com>
References: <CAFewVt65X1V6=A_HP_pcg=6nXNVFLxQmSsPB2rq1KvmGPRz+og@mail.gmail.com> <20140606223045.3B5AF1AD46@ld9781.wdf.sap.corp> <CACsn0cmcc6kXvOuqkZaDj7+QPdpY9qqQ58bs3s-JBGXdNJSZyw@mail.gmail.com> <CABcZeBPe45BM-uXd7DEBD_BBn=jhk8KkYB=facp+NMb2e4nBiw@mail.gmail.com> <1402299260.2427.2.camel@dhcp-2-127.brq.redhat.com> <CABkgnnX5+fXNDy1o7Pu60rp8vSx7XfKbt337e_q=+3fb8fXHJw@mail.gmail.com> <1402388399.2369.5.camel@dhcp-2-127.brq.redhat.com> <CACsn0cm5OzzjOh5nSXcu-cx+ZYFeJiJ5eGvgwjsWPUeX4ozz2g@mail.gmail.com> <1402476304.2305.8.camel@dhcp-2-127.brq.redhat.com> <CACsn0cmM4KpMgwXo0iTygsQ+En6N3J46jPY-Q3hfwzqG431M1w@mail.gmail.com> <1402648977.6191.36.camel@dhcp-2-127.brq.redhat.com> <CACsn0ck6OxPm8BwuNeAn+wpayaefkAzZtiyjkaQ1sB_4hp0C_Q@mail.gmail.com> <1402990596.2335.18.camel@dhcp-2-127.brq.redhat.com> <53A0AB7E.4050706@fifthhorseman.net> <1403173608.5825.6.camel@dhcp-2-127.brq.redhat.com>
Date: Thu, 19 Jun 2014 08:28:20 -0700
Message-ID: <CABkgnnVuTauFLeto3KebbMDFysjpd7rg_dHrTQVZBeS8BktmoA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/K4LkyMrfTeG9qlzbQYxJKNYqfa4
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Proposed text for removing renegotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jun 2014 15:28:23 -0000

On 19 June 2014 03:26, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
> My counter-proposal would be:
> 1. Removing the Note "If a rehandshake occurs while data is flowing on a
> connection, the communicating parties may continue to send data using
> the old CipherSpec."
>
> 2. Adding the text: "During the handshake process implementations SHALL
> NOT allow application protocol data exchange. Implementations SHALL
> terminate the session if application protocol data is received." (in
> DTLS that data may arrive due to network errors so they should be
> quietly discarded.
>
> 3. Adding the text "Since the authentication credentials may change
> during a renegotiation the upper layers must be notified of either the
> new negotiation process or any identity change."
>
> That would make renegotiation a strictly inband process, and
> applications would be able to distinguish traffic before and after a new
> negotiation.

That sounds strictly worse than what we have today.

Points 1&2 render the connection unusable, something that many
applications can't have.  In many respects - other than TCP congestion
window warmup perhaps - this is equivalent to Brian's proposal to
remove renegotiation and replace it with nothing, forcing people to
make new connections.

And the main point, which is that it's not the lack of a notification
API for renegotiation that causes the issue, it's the fact that it can
happen at all.