Re: [TLS] Flags extension and announcing support

Nick Harper <ietf@nharper.org> Fri, 22 January 2021 09:55 UTC

On Thu, Jan 21, 2021 at 9:46 PM Martin Thomson <mt@lowentropy.net> wrote:

> In other words, each flag is treated just like an empty extension: you can
> initiate an exchange with it, but you can only answer with it if it was
> initiated with it.

I agree that this is the correct guiding principle for handling flags. We
should allow unsolicited flags in the same places we allow unsolicited
extensions. Going by section 4.2 of RFC 8446, that would be ClientHello,
CertificateRequest, and NewSessionTicket.
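An added example (not from this thread or the draft) that encodes the rule discussed above as a checker: a flag may be sent unsolicited only in ClientHello, CertificateRequest and NewSessionTicket, and any other message may carry a flag only if the message it answers carried that flag. The mapping of responding messages to initiating messages (ServerHello, HelloRetryRequest, EncryptedExtensions and the server Certificate answer ClientHello; the client Certificate answers CertificateRequest) is assumed from RFC 8446; the draft's wire encoding of the flags bitfield is not modelled, flags are plain integers.

```python
# Added example: validates flag usage per handshake message. Flags are
# tracked as integer ids; the wire encoding is out of scope here.

# Messages in which unsolicited flags are allowed (RFC 8446 section 4.2).
INITIATING_MESSAGES = {"ClientHello", "CertificateRequest", "NewSessionTicket"}

# (sender, message) -> the message whose flags it answers (assumption from
# RFC 8446 extension semantics, not stated in the thread).
RESPONDS_TO = {
    ("server", "ServerHello"): "ClientHello",
    ("server", "HelloRetryRequest"): "ClientHello",
    ("server", "EncryptedExtensions"): "ClientHello",
    ("server", "Certificate"): "ClientHello",
    ("client", "Certificate"): "CertificateRequest",
}


class FlagsChecker:
    """Remembers flags seen in initiating messages and checks responses."""

    def __init__(self):
        self.initiated = {}  # initiating message name -> set of flag ids

    def process(self, sender, message, flags):
        """Return the set of flags in `message` that violate the rule."""
        flags = set(flags)
        if message in INITIATING_MESSAGES:
            # Unsolicited flags are fine here; record them for later answers.
            self.initiated[message] = flags
            return set()
        initiator = RESPONDS_TO.get((sender, message))
        if initiator is None:
            # No flags may appear in a message that answers nothing.
            return flags
        # Only flags the initiating message carried may be answered.
        return flags - self.initiated.get(initiator, set())


def check_handshake(messages):
    """Run (sender, message, flags) tuples through the checker.

    Returns {message: offending_flags} for every message that broke the rule.
    """
    checker = FlagsChecker()
    offenders = {}
    for sender, message, flags in messages:
        bad = checker.process(sender, message, flags)
        if bad:
            offenders[message] = bad
    return offenders
```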