Re: [TLS] PR#1091: Changes to provide middlebox robustness

Martin Thomson <martin.thomson@gmail.com> Wed, 08 November 2017 00:41 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 8 Nov 2017 11:41:15 +1100
Message-ID: <CABkgnnV34_h1ANeAzG5s0D=RvFK066RLE1zzA84PHZDWrhRLng@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OprAsM9V5eATP3LanH-3BFgVCFI>
Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On Tue, Nov 7, 2017 at 5:19 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> - The client sends a fake session_id and the server echoes it

One friendly amendment.  I think that we should insist (with a MUST)
that the server send CCS in the case that it receives a non-empty
session_id.  That gives clients the ability to insist on use of the
compatibility hack by a server.

Evidence shows that the server can't ensure that these (expletive
deleted) middleboxes don't mess with the connect unless the client
takes the steps that are outlined here, so it has no way to control
the use of the compatibility mode.  On the other hand, having the
server not send CCS when compatibility mode was needed would somewhat
undermine the client's efforts.
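
The server-side rule proposed in this message, as an added example (not part of the original e-mail and not code from any TLS implementation): read the session_id from a ClientHello and, if it is non-empty, echo it and send a ChangeCipherSpec record. The function names and the sample ClientHello are hypothetical and constructed for illustration.

```python
# Added illustration: decide whether the server must use the middlebox
# compatibility hack, based only on the ClientHello's session_id field.

# ChangeCipherSpec record: type 20, record version 0x0303, length 1, payload 0x01
CCS_RECORD = bytes([0x14, 0x03, 0x03, 0x00, 0x01, 0x01])

def parse_session_id(client_hello: bytes) -> bytes:
    """Return the session_id from a ClientHello handshake message."""
    if len(client_hello) < 4 or client_hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body_len = int.from_bytes(client_hello[1:4], "big")
    body = client_hello[4:4 + body_len]
    # version (2) + random (32) + session_id length byte (1) = 35 bytes minimum
    if len(body) != body_len or body_len < 35:
        raise ValueError("truncated ClientHello")
    sid_len = body[34]
    if sid_len > 32 or 35 + sid_len > body_len:
        raise ValueError("invalid session_id length")
    return body[35:35 + sid_len]

def compat_response(client_hello: bytes) -> dict:
    """Apply the proposed rule: non-empty session_id means the client is
    insisting on compatibility mode, so echo it and send CCS."""
    sid = parse_session_id(client_hello)
    return {
        "echo_session_id": sid,
        "send_ccs": len(sid) > 0,
        "ccs_record": CCS_RECORD if sid else b"",
    }

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample input: a minimal ClientHello with the given session_id."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x13\x01"   # one cipher suite
    body += b"\x01\x00"           # null compression only
    body += b"\x00\x00"           # empty extensions block (sample only)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    fake_sid = bytes(range(32))   # constructed "fake" session_id
    for sid in (fake_sid, b""):
        r = compat_response(build_client_hello(sid))
        print(len(sid), r["send_ccs"], r["ccs_record"].hex())
```
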