[TLS] Future interoperability issues for HRR for new extensions; Was: UPDATED Last Call: <draft-ietf-tls-tls13-24.txt> (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard
Hubert Kario <hkario@redhat.com> Wed, 21 February 2018 11:46 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ABA4126CF6 for <tls@ietfa.amsl.com>; Wed, 21 Feb 2018 03:46:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, T_SPF_HELO_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sd5rdt-PA_TE for <tls@ietfa.amsl.com>; Wed, 21 Feb 2018 03:46:39 -0800 (PST)
Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43BB212426E for <tls@ietf.org>; Wed, 21 Feb 2018 03:46:39 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8232E7C6A0 for <tls@ietf.org>; Wed, 21 Feb 2018 11:46:38 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.223]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4220F2026E03 for <tls@ietf.org>; Wed, 21 Feb 2018 11:46:35 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Wed, 21 Feb 2018 12:46:30 +0100
Message-ID: <8306658.5F4S3bOxA1@pintsize.usersys.redhat.com>
In-Reply-To: <151880080195.1349.14035524657942875385.idtracker@ietfa.amsl.com>
References: <151880080195.1349.14035524657942875385.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart4434139.M75dIATD6A"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Wed, 21 Feb 2018 11:46:38 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Wed, 21 Feb 2018 11:46:38 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'hkario@redhat.com' RCPT:''
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KW7yNt-vAFRPCyodArUusvvIVVE>
Subject: [TLS] Future interoperability issues for HRR for new extensions; Was: UPDATED Last Call: <draft-ietf-tls-tls13-24.txt> (The Transport Layer Security (TLS) Protocol Version 1.3) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 11:46:40 -0000
On Friday, 16 February 2018 18:06:41 CET The IESG wrote: > The IESG has received a request from the Transport Layer Security WG (tls) > to consider the following document: - 'The Transport Layer Security (TLS) > Protocol Version 1.3' > <draft-ietf-tls-tls13-24.txt> as Proposed Standard Section 4.1.2 currently states that the only changes allowed to the second ClientHello message (in HelloRetryRequest case) are: - replacing key_share - removing early_data - adding cookie - updating pre_shared_key - adding, removing or changing padding What about extensions undefined now? What if in the future we have another extension like the PSK extension that needs to be updated for the second ClientHello? Do we accept that the above list is set in stone and will never change (except for new protocol versions), requiring all future extensions to also require the same extension payload for first and second ClientHello? -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] UPDATED Last Call: <draft-ietf-tls-tls13-24… The IESG
- Re: [TLS] UPDATED Last Call: <draft-ietf-tls-tls1… Sean Turner
- [TLS] Future interoperability issues for HRR for … Hubert Kario
- Re: [TLS] Future interoperability issues for HRR … Benjamin Kaduk
- [TLS] external PSK identity enumeration Re: UPDAT… Hubert Kario
- Re: [TLS] Future interoperability issues for HRR … Eric Rescorla
- Re: [TLS] external PSK identity enumeration Re: U… Eric Rescorla
- Re: [TLS] external PSK identity enumeration Re: U… Hubert Kario
- Re: [TLS] external PSK identity enumeration Re: U… Eric Rescorla
- Re: [TLS] external PSK identity enumeration Re: U… Martin Thomson
- Re: [TLS] external PSK identity enumeration Re: U… Tony Putman
- Re: [TLS] external PSK identity enumeration Re: U… Hubert Kario
- Re: [TLS] external PSK identity enumeration Re: U… Hubert Kario