[TLS] draft-davidben-tls-grease-01

Hubert Kario <hkario@redhat.com> Mon, 05 September 2016 11:07 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 635D712B0BD for <tls@ietfa.amsl.com>; Mon, 5 Sep 2016 04:07:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.41
X-Spam-Status: No, score=-8.41 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.508, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id mjj0wQYs4-ih for <tls@ietfa.amsl.com>; Mon, 5 Sep 2016 04:07:43 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE45912B0E5 for <tls@ietf.org>; Mon, 5 Sep 2016 04:07:42 -0700 (PDT)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3981FC056800; Mon, 5 Sep 2016 11:07:42 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (dhcp-0-191.brq.redhat.com []) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u85B7eGw020415 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 5 Sep 2016 07:07:41 -0400
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Mon, 05 Sep 2016 13:07:40 +0200
Message-ID: <8143099.xajr1xgLIA@pintsize.usersys.redhat.com>
User-Agent: KMail/5.2.3 (Linux/4.7.2-201.fc24.x86_64; KDE/5.25.0; x86_64; ; )
In-Reply-To: <CAF8qwaC5c1LTGVc+Li386JPs5oUyqK-wtbZZyA9ZgD0oZcu3jw@mail.gmail.com>
References: <CAF8qwaCaW2Q+z_JoDqzQZaGCWJ2aqUiyK8_J8_CO4Ck_cqtaSA@mail.gmail.com> <67E72566-5389-4AD2-8965-4FF85F9F42FD@sn3rd.com> <CAF8qwaC5c1LTGVc+Li386JPs5oUyqK-wtbZZyA9ZgD0oZcu3jw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1981851.TFVHOBDURc"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com []); Mon, 05 Sep 2016 11:07:42 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LIzZXWbYnLFUtc6VWQaY2rLSK8Q>
Subject: [TLS] draft-davidben-tls-grease-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2016 11:07:46 -0000

On Friday, 2 September 2016 18:53:45 CEST David Benjamin wrote:
> I've finally gotten to uploading
> https://tools.ietf.org/html/draft-davidben-tls-grease-01 which hopefully
> resolves the procedural issues (thanks again!). I've also revised the text
> slightly after some off-list feedback about the risks of non-deterministic
> failures.

   Clients SHOULD balance diversity in GREASE advertisements with
   determinism.  For example, a client which randomly varies GREASE
   value positions for each connection may only fail against a broken
   server with some probability.  This risks the failure being masked by
   automatic retries.  A client which positions GREASE values
   deterministically over a period of time (such as a single software
   release) stresses fewer cases but is more likely to detect bugs from
   those cases.

How about adding "In particular, it is RECOMMENDED that for a given browsing 
session, used GREASE values for a given server are constant."?

   Clients MUST reject GREASE values when negotiated by the server.
   When processing a ServerHello containing a GREASE value in the
   ServerHello.cipher_suite or ServerHello.extensions fields, the client
   MUST fail the connection.  When processing an ECParameters structure
   with a GREASE value in the ECParameter.namedcurve field, the client
   MUST fail the connection.

   Note that this requires no special processing on the client.  Clients
   are already required to reject unknown values selected by the server.

Don't the other RFCs just say that clients should reject values not advertised 
by client? Since GREASE values are advertised by clients, I don't think the 
"no special processing" applies. As such, handling how connections in which 
server selects GREASE values should be specified precisely.
(I haven't checked the RFCs for that so I may be mistaken, but still is a bit 
dicey to say that programmers don't need to check error handling in their 
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 99/71, 612 45, Brno, Czech Republic