IETF Logo Mail Archive

Re: [TLS] Text for draft-ietf-tls-rfc4366-bis

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Fri, 21 May 2010 22:01 UTC

Return-Path: <jsalowey@cisco.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CAF0A3A68C0 for <tls@core3.amsl.com>; Fri, 21 May 2010 15:01:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.738
X-Spam-Level:
X-Spam-Status: No, score=-8.738 tagged_above=-999 required=5 tests=[AWL=-0.739, BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jCwER53NKMLx for <tls@core3.amsl.com>; Fri, 21 May 2010 15:01:02 -0700 (PDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id 7B21B3A68B1 for <tls@ietf.org>; Fri, 21 May 2010 15:01:02 -0700 (PDT)
Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAPSf9kurRN+J/2dsb2JhbACeFXGlOplThRIEg0E
X-IronPort-AV: E=Sophos;i="4.53,280,1272844800"; d="scan'208";a="133250478"
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-4.cisco.com with ESMTP; 21 May 2010 22:00:56 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id o4LM0u5F027692; Fri, 21 May 2010 22:00:56 GMT
Received: from xmb-sjc-225.amer.cisco.com ([128.107.191.38]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 21 May 2010 15:00:56 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 21 May 2010 15:00:51 -0700
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE50A782CE1@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <AC1CFD94F59A264488DC2BEC3E890DE50A7828B9@xmb-sjc-225.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Text for draft-ietf-tls-rfc4366-bis
Thread-Index: Acr4R9Gvyg7jXV7qRN+VZMquRXZYUQAGZzFAADNmxnA=
References: <AC1CFD94F59A264488DC2BEC3E890DE50A67D0FA@xmb-sjc-225.amer.cisco.com>from "Joseph Salowey" at May 20, 10 08:29:21 am <201005201810.o4KIAx6L005366@fs4113.wdf.sap.corp> <AC1CFD94F59A264488DC2BEC3E890DE50A7828B9@xmb-sjc-225.amer.cisco.com>
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, mrex@sap.com
X-OriginalArrivalTime: 21 May 2010 22:00:56.0254 (UTC) FILETIME=[16AB9DE0:01CAF931]
Cc: tls@ietf.org
Subject: Re: [TLS] Text for draft-ietf-tls-rfc4366-bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 May 2010 22:01:03 -0000

After an offline discussion with Martin I think we really should remove
the sentence " The client MAY omit the extension..." Omitting the
extension seems like a really bad idea, because if the session is not
resumed the client may establish a session with different
characteristics than what was intended. So now we have:

"When the server is deciding whether or not to accept a request to
resume a session, the contents of a server_name extension MAY be used in
the lookup of the session in the session cache.  The client SHOULD
include the same server_name extension in session resumption request as
it did in the full handshake that established the session.  A server
that implements this extension MUST NOT accept the request to resume the
session if the server_name extension contains a different name. Instead,
it proceeds with a full handshake to establish a new session. When
resuming a session, the server MUST NOT include a server_name extension
in  the server hello." 

I think it is also worthwhile to include the guidance from section
7.4.1.4 in RFC 5246 in the paragraph at the end of section 1.1.:

"Note also that all the extensions defined in this document are
relevant only when a session is initiated.  A client that requests
session resumption does not in general know whether the server will
accept this request, and therefore it SHOULD send the same extensions as
it would send if it were not attempting resumption. When a client
includes  one or more of the defined extension types in an extended
client  hello while requesting session resumption:

	-  The server name indication extension MAY be used by the 
         server when deciding whether or not to resume a session 
         as described in section 3.

      -  If the resumption request is denied, the use of the extensions
         is negotiated as normal.

      -  If, on the other hand, the older session is resumed, then the
         server MUST ignore the extensions and send a server hello
         containing none of the extension types.  In this case, the
         functionality of these extensions negotiated during the
         original session initiation is applied to the resumed session."

Joe

> -----Original Message-----
> From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of
> Joseph Salowey (jsalowey)
> Sent: Thursday, May 20, 2010 2:22 PM
> To: mrex@sap.com
> Cc: tls@ietf.org
> Subject: Re: [TLS] Text for draft-ietf-tls-rfc4366-bis
> 
> Hi Martin,
> 
> Thanks, I think I captured your suggestion below.
> 
> "When the server is deciding whether or not to accept a request to
> resume a session, the contents of a server_name extension MAY be used
in
> the lookup of the session in the session cache.  The client SHOULD
> include the same server_name extension in session resumption request
as
> it did in the full handshake that established the session.  A server
> that implements this extension MUST NOT accept the request to resume
the
> session if the server_name extension contains a different name.
> Instead, it proceeds with a full handshake to establish a new session.
> The client MAY omit the extension, in which case, if  the server
chooses
> to resume the session, it must use the server name cached from the
> original full handshake. When resuming a  session, the server MUST NOT
> include a server_name extension in  the server hello."
> 
> > -----Original Message-----
> > From: Martin Rex [mailto:mrex@sap.com]
> > Sent: Thursday, May 20, 2010 11:11 AM
> > To: Joseph Salowey (jsalowey)
> > Cc: ietfc@btconnect.com; tls@ietf.org
> > Subject: Re: [TLS] Text for draft-ietf-tls-rfc4366-bis
> >
> > Joseph Salowey wrote:
> > >
> > > Good suggestion, thanks for the text, here is the text reworked:
> > >
> > > "When the server is deciding whether or not to accept a request to
> > >  resume a session, the contents of a server_name extension may be
> used
> > >  in the lookup of the session in the session cache.  The client
> SHOULD
> > >  include the same server_name extension in session resumption
> > >  request as it did in the full handshake that established the
> > >  session.  If the server_name extension contains a different name,
> > >  the server MUST NOT accept the request to resume the session.
> > >  Instead, it proceeds with a full handshake to establish a new
> > >  Session.  The client MAY omit the extension, in which case, if
> > >  the server chooses to resume the session, it must use the server
> > >  name cached from the original full handshake. When resuming a
> > >  session, the server MUST NOT include a server_name extension in
> > >  the server hello."
> >
> > The requirements appear somewhat imbalanced to me.
> > In order to conform to the requirement
> >
> >    If the server_name extension contains a different name,
> >    the server MUST NOT accept the request to resume the session.
> >
> > every server must (a) implement server_name extension and (b)
> > memorize the content from the initial handshake in the TLS session
> > cache.  At that point the "may be used in the lookup of the session"
> > effectively becomes a MUST be used in the lookup of the session,
> > because the contents will always have to be verified before agreeing
> > a session resumption, even if the server_name contents isn't
> > technically used as a "lookup key" into the cache.
> >
> >
> > This MUST NOT would need to be scoped to the implementors of the
> > "MAY be used in the lookup of the session", and the MAY in the
> > first sentence probably be uppercased.
> >
> >
> > From the architecture point of view, I see the following issues
> > to consider about interaction of ClientHello parameters and
> > session resumption:
> >
> >  -  ClientHello parameters from the session resumption request
> >     MUST NOT affect the session within the session cache at all
> >     (except possibly deleting the session on a failed resumption)
> >
> >  -  ClientHello parameters from the session resumption request
> >     MUST affect connection parameters only in documented fashion
> >     (derivation of keying material e.g. through additional PRF
input,
> >      renegotiation_info extension)
> >
> >  -  ClientHello parameters MUST be checked for compatibility with
> >     the characteristics of the cached session before resumption,
> >     but this check is limited to those parameters that the server
> >     actually implements/supports.
> >
> >  -  In addition, a server may decide that ClientHello parameters
> >     provides characteristics that the server would prefer over the
> >     characteristics of the cached session and go for a full
handshake
> >
> >
> > -Martin
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email