IETF Logo Mail Archive

[TLS] Re: Errata 4800

Michael StJohns <msj@nthpermutation.com> Sat, 08 March 2025 19:00 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4770192AB46 for <tls@mail2.ietf.org>; Sat, 8 Mar 2025 11:00:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EdDK791CNXJ4 for <tls@mail2.ietf.org>; Sat, 8 Mar 2025 11:00:14 -0800 (PST)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id B7A2C92AB30 for <tls@ietf.org>; Sat, 8 Mar 2025 11:00:14 -0800 (PST)
Received: by mail-qk1-x730.google.com with SMTP id af79cd13be357-7c0155af484so428698185a.0 for <tls@ietf.org>; Sat, 08 Mar 2025 11:00:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20230601.gappssmtp.com; s=20230601; t=1741460413; x=1742065213; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=VA+bupd0vBOnO+IECksvY00ymeZ89PZ4VE8uT83vw1A=; b=ojEMQ+3ssowd4ZJfWPv5XduwzcHGp1iRqtfpKYOGAcV7MD32IWEuomG3/HFLZRTcQT cGOvpfcD6Qv5swfK5xNAcKBYO8Te2pSi9RNoXE3dSLJ0E2q4gNAmStMvYoFSMf2EWScD 94gntcATdbAQ8z0+s1J/8LptT+Hqmc+2xwsCSwOtmBRYucMFI4LxE/jJU/M8rOWLw3AE U+5qrA5wg6rQkeh3Yuu8n0gkfzP7xPGjc/qp/DswYleRTXgAhepwcEWWRmyfmcvIYIxl 7RIwJrAm/cWE+Z1UNP17hCkwRwj7zhqZFUOlGjSoXwlEHA5doPPS1NJDQ4T1z4iqsiuj hJag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741460413; x=1742065213; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VA+bupd0vBOnO+IECksvY00ymeZ89PZ4VE8uT83vw1A=; b=RatBjiO4wvRCMPIjWsi0L/RlL79bXi10GfngytvnIUKYamdiIMY+BxyuwlCH45qUL8 P/mG49D0xGu7w61g8d4A46U6OmcrqDd8n0PWW5bEV9hDh+ynwKizCB9eo1i0nE7DqolU uh8HJb0JHpS6baSx4xJZtF10bLVtFbFP9CI1d64TRgcJcPvZxzWxrpAgFfiD9HfNyJbj qE333dnJeaIhibq1rPbi3LTFQVUoV/qqUFtFVA9EkQWPaxBbeZVPVeKzUikgpf2KIrug oPD3gOZn+pj1nz5nqL0DBfoHW51sYcRfYoxGwPxpu3PiOhHWmlN4ss4qL6c2+AGcuJoH Tdvg==
X-Gm-Message-State: AOJu0YwyjQyIwM9P2vtRnxObSFQQJZIttwM6HR7XwLXPs/YB4vmBZKS0 5g1qOmVBrHAnveF/BoY81RgO4p+UZiJ1hUSvlhhndGQ+uSglgo6j04nA1ffY2jPvdR0knsOg1mP c
X-Gm-Gg: ASbGncszmrkA5vYwgjR+6G2IGPA3KVSFKFzjfw0iPIFuWbhI4YJz5ttL6a9yhT/0gAx DkkuR/jKTjYIXn7/K+D5eLSwPXib93fXlJGp2nbkb11j6jO2iCugdO3PLyaHVeRNIaMB0wdvhEf j/H/HvkdEsKjmX2BaSwhAO8MutOxpfS9S0wPhomXY6O8brFVaZsLJm9AjtYH7GCnTFmxsW+Up5X 8UgBhKDzXMRBak7a1N/qHfij1Q/A1+6FyqJCprCK48ktSP40lr1R5NGKDZNvDYXpw1Zl8vxLhpB nBqFYLJqNg3XG/V8b8/I8LfWJK31hjk8yNlhfEYWD4ImL+SM/NEo1yEFiIvAiu+Ql9VUAKqzEEW LMc43O1aBgEynsKsfg+kH
X-Google-Smtp-Source: AGHT+IHtXnCAT2a0IuRURd42Kc5snyEprQ63wyWdyPQ1URWNIfbYZPYwR7x2knRE6DcvbnMoPCCXjA==
X-Received: by 2002:a05:620a:6848:b0:7c5:4463:29a8 with SMTP id af79cd13be357-7c544632c78mr272643385a.11.1741460413173; Sat, 08 Mar 2025 11:00:13 -0800 (PST)
Received: from [192.168.1.10] (pool-108-48-44-44.washdc.fios.verizon.net. [108.48.44.44]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7c45e28c86asm308146385a.16.2025.03.08.11.00.12 for <tls@ietf.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 08 Mar 2025 11:00:12 -0800 (PST)
Message-ID: <a2c52556-f913-4a04-98dd-9f4aec9e3247@nthpermutation.com>
Date: Sat, 08 Mar 2025 14:00:11 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: tls@ietf.org
References: <6cf868f7-5761-4791-bca1-0ac8b763f473@nthpermutation.com> <e7fb9468-8a9a-4e84-b5ac-35efcd226020@app.fastmail.com>
Content-Language: en-US
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <e7fb9468-8a9a-4e84-b5ac-35efcd226020@app.fastmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Antivirus: Norton (VPS 250308-4, 3/8/2025), Outbound message
X-Antivirus-Status: Clean
Message-ID-Hash: CJBJ4QQ3VLVFWYW6AV5SOFADSRQVXAG4
X-Message-ID-Hash: CJBJ4QQ3VLVFWYW6AV5SOFADSRQVXAG4
X-MailFrom: msj@nthpermutation.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Errata 4800
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LeiBjaZtIQSx4I3jQkiz4GgDy5o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Hi Martin - you said:
> TLS is full of this sort of thing.  The point being that the maximum values exist to define the size of the length field, not the practical limits.

In that case, since this function is obsoleted, and there's nowhere to 
actually put an update to the document, I would suggest that "REJECTED" 
is correct.  I'm basing that on your comment above that this isn't 
actually a problem.  Is there a "TLS Style Guide" or something similar 
that captures this?   (I think I knew this as a background noise thing 
as being different from how ASN1 does length field encoding...)

In general, I'm using Verified for "Technical - this is something that 
needs to be fixed otherwise things break."; and HFDU for Editorial - 
"This is annoying, but nothing breaks" and I think that's consistent 
with general usage of the system.  In the current case, I'm still 
working my way through errata against old or very old documents and had 
a few where there was a valid errata, but that the downstream 
(updates/obsoletes) document fixed the problem.  I've started marking 
those as "Verified" because they were a problem in the document and 
that's the state I have available in the Errata system.  I'd rather mark 
them "OBE" or "Fixed".

In the current case, if I could use any set of words,  it would probably 
be "REJECTED/OBSOLETE" given your comment, and "HFDU" if this hadn't 
been removed from TLS1.3.

Mike

ps - isn't ClientIdentity where you'd put a PQ certificate chain?  And 
aren't some of those > 64K in length?   I'm glad this has been removed 
from TLS1.3 and we don't have to go back and fix it... :-).

On 3/8/2025 3:48 AM, Martin Thomson wrote:
> I don't think that Verified is quite right.
>
> It's true that the maximum possible length of a ClientIdentity doesn't fit into the structure defined.  But nor does it fit into handshake messages (though the overflow is potentially smaller).
>
> TLS is full of this sort of thing.  The point being that the maximum values exist to define the size of the length field, not the practical limits.
>
> In this particular case, the suggested ticket formulation simply doesn't work if the ClientIdentity is too large.  Good thing too, because I doubt that anyone would want a 16MB ticket.
>
> I'd put this down as HFDU instead.
>
> On Fri, Mar 7, 2025, at 20:21, Michael StJohns wrote:
>> https://www.rfc-editor.org/errata/eid4800
>>
>> RFC 5077 <https://www.rfc-editor.org/rfc/rfc5077>, "Transport Layer
>> Security (TLS) Session Resumption without Server-Side State", January
>> 2008
>>
>> I'm working through the list of errata and came across this one.
>>
>> This mechanism is obsolete in TLS1.3, but still exists in TLS1.2.
>>
>> The errata appears to be valid with respect to the wrapping length
>> issues of the indicated structures - (E.g. a 2^16-1 object can't
>> encode/wrap a 2^24-1 object).
>>
>> Someone should consider the structures defined here but carried to
>> TLS1.3 and verify length consistency and issue an errata if needed.
>>
>>
>>
>> If TLS1.2 is actually still live for development (and new RFCs), I'd
>> mark this errata as Verified.  Otherwise, if TLS1.2 is obsolete (and
>> not just its documents), I'd mark this errata as "Rejected" as there's
>> nowhere to apply the errata.
>>
>> I'll leave it to the chairs of TLS to figure out which is more appropriate.
>>
>> Mike
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> TLS mailing list -- tls@ietf.org
>> To unsubscribe send an email to tls-leave@ietf.org
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org

v2.29.0 | Report a Bug | By Email | System Status