IETF Logo Mail Archive

Re: [TLS] DTLS 1.3

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 05 July 2016 08:42 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D32812D18F for <tls@ietfa.amsl.com>; Tue, 5 Jul 2016 01:42:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.521
X-Spam-Level:
X-Spam-Status: No, score=-2.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rDGSuUHGEgbT for <tls@ietfa.amsl.com>; Tue, 5 Jul 2016 01:42:12 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8725312D188 for <tls@ietf.org>; Tue, 5 Jul 2016 01:42:11 -0700 (PDT)
Received: from [192.168.10.132] ([80.92.121.176]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0Ltqb7-1bU13z3XUr-011A9E; Tue, 05 Jul 2016 10:42:07 +0200
To: Ilari Liusvaara <ilariliusvaara@welho.com>, Eric Rescorla <ekr@rtfm.com>
References: <577A38A2.2090209@gmx.net> <20160704140312.GC4287@LK-Perkele-V2.elisa-laajakaista.fi> <577ABCE2.9050409@gmx.net> <20160704204603.GA4837@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBMYQ=SWfEwFVjpmO3Pzh78VTrdqXKF26TDnSA-nR-k=rQ@mail.gmail.com> <20160704211805.GC4837@LK-Perkele-V2.elisa-laajakaista.fi>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Enigmail-Draft-Status: N1110
Message-ID: <577B72E0.4090102@gmx.net>
Date: Tue, 05 Jul 2016 10:42:08 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <20160704211805.GC4837@LK-Perkele-V2.elisa-laajakaista.fi>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="DQLvE1C8FAINHTKUdj2mXRFUxOXHVfJ3b"
X-Provags-ID: V03:K0:Po8QtaWN5HiTE7Rtntl4ROdGLmNxpEoNzFA5JEmeeo4rRFuMHS2 H6v9uiKKOHG/UWuQpc0UaPd0phrjzgxOhQV+SE2i/bdKP37y2fXUlKVTDVqEVG9KgyWILHc e4eb2SviK3Njuu0vWnlAAWsEcb/FQri1i0a0eYWxFA+uh3h6siokaryFxOsq6r7BEesKrkh e/jx0nR9CFtUum8xbi1Rg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:lRWP9Tk2dq0=:v1rtgnE3YFGOyUE8Fooflz xdVtv+5zKYk6bYC6HiUC8/A/pQawvQnQQAg4NQH9Ga32VhrBgpL5OT3kZ81aPtYG4/RmPBBio QMWplKxCK8Ol9CnTqyODHOGyiROiPVj+U9gD6udSZP0Eqb/2RHB1ASxgH4IkxTB6uFcoFkiuD 4G/KbkbyddTm8TBcNNJ9dKcc/vzzsI45vQxIIZj9Y4yxVSoKqYPoV2zzNdJla0lHwra0NWZBL a0i+XVQnmEOC+MN9XrtS9143gjcZ5IiAb069e6TnE8pfTmsZZoPuhuU3AqzwSI7XMHQ8a8Mz2 iTTCC5JjCi/WEm0JzJsw2HGES4ai6JznFuGcwd25EaYYwKdzfiLKAoUn8qbHKE41YYSu/55FS 3UkcmFc02p1hbzhzHXUIsIkacECrEQiLTELyIB9eKvZmnwM5WM7mBowh31dm0Eh4BLqaVDEjJ fuUl1fc9hi3OF9MUTVxA8LjwRmnDLhsjwjvrSkApRyrP+MmSmhfE+mPxk998K57IIS0luD4Xb xbOzZH+6Wk8YttdkX26eQnUNR73zH1+mf99toYuO0ypfgi9BM+TU1pSv/ETy69ZaI/LgKR6Pn vIro0NXvegHcqx6K7Y1qvKdvHadzLeA9qyCLwx3RTgNdIJv3Zf0kZJvrVdkPqU+VyXUvOEtCe ZF/MOnI5grh1JHMRnTa1IGtrOTx9nq6xNp8XEs1KPMcyL3ENIoSABb3YEE94kmObfA1FAPnKH 5yKdTqaTblE3xWN+e9lQWywXtK4tQjCt0eBK5QETU541j2IT8eAMWQhBTDo=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Pi-4JozIerhDZSmfheColFccrkc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] DTLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 08:42:13 -0000

Hi Ilari,

On 07/04/2016 11:18 PM, Ilari Liusvaara wrote:
>> > IMO we should just forbid HVR for DTLS 1.3. I.e., you should just send
>> > HRR.
> Yes, DTLS 1.3 servers can't send HVR, but that doesn't mean DTLS 1.3
> clients can't receive HVR (and then need to handle it somehow).
> 
> And if downnegotiation is to be possible, then that way should be
> compatible with DTLS 1.2 (sticking the cookie into legacy cookie
> field and clearing the hash should be compatbile enough).
> 

Consider the following three cases:

* Client supports DTLS 1.2 / 1.3 but the server supports only DTLS 1.2.

If the client starts the exchange with DTLS 1.3 then the server could
return a HelloVerifyRequest as defined in DTLS 1.2 and the exchange can
continue. For the client it is not a problem to deal with the HVR since
it supports both stacks.

* Client supports only DTLS 1.3 and server supports DTLS 1.2/1.3.

Here the client starts with a DTLS 1.3 exchange and the server will only
reply with a HelloRetryRequest as defined in TLS 1.3. It should bother
dealing with the DTLS 1.2 functionality when interacting with a DTLS 1.3
client.

* Client supports only DTLS 1.2 and the server supports DTLS 1.2/1.3.

In this case, the client starts with the regular ClientHello and the
server will determine based on the version that it has to proceed with
DTLS 1.2.

I believe that this could work fine.

Ciao
Hannes

v2.23.0 | Report a Bug | By Email