Re: [TLS] CH padding extension

Christopher Wood <christopherwood07@gmail.com> Tue, 12 June 2018 18:00 UTC

Return-Path: <christopherwood07@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7627130F96 for <tls@ietfa.amsl.com>; Tue, 12 Jun 2018 11:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U73uEvc_nn9e for <tls@ietfa.amsl.com>; Tue, 12 Jun 2018 11:00:53 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F520130E79 for <tls@ietf.org>; Tue, 12 Jun 2018 11:00:53 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id w13-v6so7813946ywa.5 for <tls@ietf.org>; Tue, 12 Jun 2018 11:00:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jl5KnomardttOIADxw8lUIcmyOIgk1zjhJIVO1JXUPg=; b=mLQtxGwoK0lnjecwg5uC4vFmxaAprdJfiRYDoz2c894tRa4YFL1ctAnOq20nCvpc7U YRaN9Xy3acWphdoXFtQ+ghp4KJKZx6blcaQbxwESoVRR0Np27esZilmOzdDA4KtNH3av Pev00RE4De7wxdSoGJ/KGDYBXljels0vSKgowaxkGEUNHl4pZzSDUx7q+x2zAZredrzi ZDt2C8bLhU59qakGJHh6i6PIR2cHBPr2JKr6Qbcw7HUCGu/rCZzQqUB2rPs9ub6nQgea 7LrEF8ZXy1QjWhnJzFj0m4bdj8IZFzqzE1pkwrseTwY9+cYap9uIt9V+EqPYu8MKGk2a dXwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jl5KnomardttOIADxw8lUIcmyOIgk1zjhJIVO1JXUPg=; b=PnwKk0RwpbfAF4Uvovti0QKmVPf2hhj3+tieWrTXh1HW+c0KKOaAQSNV7by2KZXXKi efbTvqgBBtfOMQb6Xj7jqJopA/lpxaheT2DvTkGtYIXwsT3eZmMrcB5dnwXa0aYqHmBJ U7nw4woH/BC8d470glnQ6fIQkW72xfW7I0qgPdVt+2gkDUwdOWlojfkjpnbRR4+sdM5K xVd+dWsRt3yUgrL2B8BY9Z4/XVy6dID6lTBqy3CgpSPaldG60OG8xoxeZret6JJriqXZ LA7Q1q0u3atCOPV8vZCbVzJ1G+/Q4oH9km4qdFjwk4IZXJoL40rsBFUQ4cl9jHBSTo5c e5yg==
X-Gm-Message-State: APt69E3VSa5wMuEovocVJes8wdJ8Gy01n/CwK23TpUXCRbi1IuJ0365y qXKjqWJLgKPiVFdeFFGGtdePCG8t+7t6D2TWDS0=
X-Google-Smtp-Source: ADUXVKJutryL8EHRa9Fy3G1aYtLhlHPcCbDmoklIMvx7nKx0nmXk9jUiQIyAV6qeKOvCx/0K6kgrP91ezfPxWXQw98E=
X-Received: by 2002:a81:e82:: with SMTP id 124-v6mr675340ywo.79.1528826452432; Tue, 12 Jun 2018 11:00:52 -0700 (PDT)
MIME-Version: 1.0
References: <CAO8oSXmMY6JzKrbBqqRp2KvW1qET9qTjfNhwNQ_M3PAFSBbeuQ@mail.gmail.com> <MWHPR15MB1504272D9A44F7D361DF54D2AF7F0@MWHPR15MB1504.namprd15.prod.outlook.com>
In-Reply-To: <MWHPR15MB1504272D9A44F7D361DF54D2AF7F0@MWHPR15MB1504.namprd15.prod.outlook.com>
From: Christopher Wood <christopherwood07@gmail.com>
Date: Tue, 12 Jun 2018 11:00:40 -0700
Message-ID: <CAO8oSXnnXfo0U1vhN40bm87Riy726hgXMD_XF0aS2FqvXmz7Pg@mail.gmail.com>
To: Kyle Nekritz <knekritz@fb.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PSNKmn2stwaWiAmiTRbGUu_jQec>
Subject: Re: [TLS] CH padding extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2018 18:00:56 -0000

On Tue, Jun 12, 2018 at 10:55 AM Kyle Nekritz <knekritz@fb.com>; wrote:
>
> Since the Certificate message is sent in an encrypted record, the normal record padding mechanism (section 5.4) can be used, rather than sending the padding as actual handshake data.

Of course, and that requires padding on the fly and some way for the
sender to know what is the correct amount of padding per Certificate.
Plumbing up that API seems non-trivial. In comparison, one could
imagine pre-padding wire-encoded Certificate messages a priori using
the extension. So I still think restricting padding to CH is a bit
extreme.

Best,
Chris