Re: [TLS] draft-thomson-tls-snip-01
Ben Schwartz <bemasc@google.com> Wed, 06 January 2021 17:02 UTC
Return-Path: <bemasc@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 273E13A1010 for <tls@ietfa.amsl.com>; Wed, 6 Jan 2021 09:02:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.971
X-Spam-Level:
X-Spam-Status: No, score=-17.971 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.373, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TzZEYA5Pka9J for <tls@ietfa.amsl.com>; Wed, 6 Jan 2021 09:02:33 -0800 (PST)
Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 463FA3A100F for <tls@ietf.org>; Wed, 6 Jan 2021 09:02:33 -0800 (PST)
Received: by mail-io1-xd2f.google.com with SMTP id w18so3402546iot.0 for <tls@ietf.org>; Wed, 06 Jan 2021 09:02:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=n3mUoMQ+CMXNEJU+/FaE3kXC6CdY7XZ/rWg33e8wY4Q=; b=n1IWxJd231my65pr9bmtTyZoWPxOCT5qbISidzgHmmmSEzfrpQ89q8pf6/RFwhytGr p88fb7JSHqErPpJCuVy68vXyokxO+KTTDCpVDSpRSvzpOrsobSRMPcdtotiN7IsEzkfm Y0Pl2mhfanILzWG8QtGYq7dffZf26AU13nL3/z+ak95BakW+tc7SFxFTr67Z3ZFL9afX fPu2U7Bv7myCMqUmT1OR2+A89PSrgZkrbx/a82iq5QlL69nL2yhsbk+vb9akd5XYGwsT G4mvtNCgloKkRW275fn94hpsyxkgT82x25T6O6rRgbv8zkq4/bENKFkExW1ozsmUmb6i RE9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=n3mUoMQ+CMXNEJU+/FaE3kXC6CdY7XZ/rWg33e8wY4Q=; b=jSTD0kxiIpU5SGVJhN09PMpg0oG3fGMFIhrUhSxAjwLwfRxESPhpOGLWsipe51SWXI KZJ90s+iEXczbCevC+xL4gPXyxbrrnz6iLxdZTVA/AxzfEXa6t++lsVI82rCEpoAHqc0 B8sF8ZPBotBiSg+8q4zICfMrCd+aJdOST+idQ8Cav/iIoJR79EyNKMHJfp816Myc6h4g 8t5ykHqjdcHX1FT8HzV0SAs5jILcfgh7JvjU6i8NVoOF4rONBg4TIrIs1SjehuM+mYCV xa0IA9qdLbwu9eGCwgMy8hn4w3hzQhqmq1hrp+MHIRv/B+BZdwkxjZTrLvV2Jwj+tAEh 5AKw==
X-Gm-Message-State: AOAM530mNomXM96r+VIOK0I1PuVT0aCzHcGIVAIow+ZEO+mLWMX0VAwN ytBTqGGy8bLva9TQqlvk7Xrt6rk0BAdg56RGn+7l4V01D4QRVw==
X-Google-Smtp-Source: ABdhPJyffqNrBQ8Ak/xV3ZDE4zxO+J/zG1JIAYgPcl8cWcCw6e94ChOwZpE2DuvHDLWr0homaVe8kQ9WnZwcr2aoxsQ=
X-Received: by 2002:a02:856d:: with SMTP id g100mr4482742jai.10.1609952551623; Wed, 06 Jan 2021 09:02:31 -0800 (PST)
MIME-Version: 1.0
References: <3408a291-92b5-43f3-8295-eea5e5d22a19@www.fastmail.com>
In-Reply-To: <3408a291-92b5-43f3-8295-eea5e5d22a19@www.fastmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 06 Jan 2021 12:02:20 -0500
Message-ID: <CAHbrMsBAb-XNop1Ot8s9WjdJShGydKtUaD6vx5Xeq7JSqzojjA@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000000293905b83e4a07"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/L8pzyfNcpC403tM1VWYdDXUfENA>
Subject: Re: [TLS] draft-thomson-tls-snip-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2021 17:02:35 -0000
Hi Martin, Thanks for the update. I agree this is clearer. I'm having trouble understanding the "default authentication scope". How can this be a useful construct, if clients and servers are both forbidden from using it? Section 7 says that ordinary connection to a service by its AAAA record and a well-known port "does not provide enough information to locate other incompatible protocols". That seems like a convention, rather than a matter of fact. Overall, I still think SNIP would be more useful if it focused on the scope of "same IP and port number", which would minimize coordination problems and increase utility in most use cases. That happens to be the effect of the "QUIC" scope anyway. I would call this the "default" scope. BTW, Section 6.2 seems to assume that all ServiceMode (formerly "ServiceForm") SVCB records in an RRSet have the same TargetName (formerly "SvcDomainName"), but that is not required. The scope as currently defined is effectively "same IP", which is narrower. On further consideration, I think a SVCB scope may be unworkable. Consider a CDN customer who copies the CDN's ServiceForm RRSet into their own domain, and (alas) fails to keep it up to date. If the CDN adds a new incompatible protocol, everything will work fine, but SNIP will flag this as an attack, possibly making the customer's site unreachable. The problem is that the SVCB scope doesn't identify _which_ SVCB RRSet it's referring to, and it's not always easy to enumerate all the SVCB RRSets that include a particular endpoint. On Mon, Jan 4, 2021 at 1:45 AM Martin Thomson <mt@lowentropy.net> wrote: > Hi all, > > I've refreshed this draft: > > https://datatracker.ietf.org/doc/draft-thomson-tls-snip/ > > Synopsis: This describes a method for protecting against downgrade attack > when protocols are in some way incompatible such that ALPN cannot provide > that protection. > > This revision is an attempt to more fully and clearly describe how this > works. I'm still not entirely happy with how this explains itself, but it > should be marginally clearer now. > > Cheers, > Martin > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] draft-thomson-tls-snip-01 Martin Thomson
- Re: [TLS] draft-thomson-tls-snip-01 Ben Schwartz
- Re: [TLS] draft-thomson-tls-snip-01 Martin Thomson