Re: [TLS] Encryption of TLS 1.3 content type

Yoav Nir <ynir.ietf@gmail.com> Mon, 28 July 2014 07:41 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CC971A017C for <tls@ietfa.amsl.com>; Mon, 28 Jul 2014 00:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q9Pjn4GYdY-L for <tls@ietfa.amsl.com>; Mon, 28 Jul 2014 00:41:10 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4099C1A023F for <tls@ietf.org>; Mon, 28 Jul 2014 00:41:09 -0700 (PDT)
Received: by mail-wi0-f176.google.com with SMTP id bs8so3898000wib.3 for <tls@ietf.org>; Mon, 28 Jul 2014 00:41:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PbKusKfDTZFM3AhJ9YGZK2LhVQXm8FdZQzM/kilOv+w=; b=A75cdf7bcVqg8boNs1QURMrWM1x1PetiZMEgxNvN1F5r7m4AGWHEdZYW28nw82D6y7 yRlx6MU+qA1MXP00TQBm6lxBypiM0OycPibgE3b8KicvS6B4+FzBzTdMo98v//kSXyLs 81GfWF2cbwwh3BEErb+q58e27GDEQiRS1sEtRkVWZj7xtchymcws4pIlRs9QM/C/Lk17 KNRPEPcO72GYFCpJwMNI/3z4XxOKLkDmj4OpgxyKmPiEsypAVI++cKCy0ECKh3a+cE8P QoTyDEgvCCVUtzTB50Y95vom1tu3dX491DC48rWypH4mP02agXCNBPAmj70bCPG8L9KI uJqQ==
X-Received: by 10.180.149.161 with SMTP id ub1mr28390550wib.32.1406533267838; Mon, 28 Jul 2014 00:41:07 -0700 (PDT)
Received: from [172.24.248.227] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id wu6sm47449118wjb.46.2014.07.28.00.41.06 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 28 Jul 2014 00:41:07 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C738EFB1969@uxcn10-5.UoA.auckland.ac.nz>
Date: Mon, 28 Jul 2014 10:40:03 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <673161E8-BD26-47D5-B27B-1C6430DCD0BA@gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C738EFB1969@uxcn10-5.UoA.auckland.ac.nz>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/LhWzqaQWaZ51O5xSNaN71RQp4rI
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Encryption of TLS 1.3 content type
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jul 2014 07:41:12 -0000

On Jul 28, 2014, at 7:08 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:

> Yoav Nir <ynir.ietf@gmail.com> writes:
> 
>> I believe that changing the 5-byte record header will cause us trouble. 
>> Passive IDS/IPS devices follow TLS streams to detect certain attacks. They 
>> will cut connections. 
> 
> Is it really up to the TLS WG to break (or at least constrain) our designs
> in order to accomodate broken middleboxes?  They're not going to understand
> any of TLS 1.3 anyway and will need to be updated when it comes along, so why
> keep this legacy header just for them?

It is up to the TLS WG to design something that works on the Internet. And the Internet is full of middleboxes.

When they were updated to tolerate TLS 1.1/1.2, some may have version tolerance for forward versions as long as the first byte in 0x03. In looking for abnormally long or short records or for a malformed stream, they may drop any new TLS 1.3 header that doesn’t look like a TLS header.  That kind of thing made WebSockets far less viable than people hoped.

And these middleboxes are not always updated in a timely manner.

Yoav