[TLS] Flags extension and announcing support

Yoav Nir <ynir.ietf@gmail.com> Fri, 22 January 2021 05:16 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <A7A1AB60-6E20-4F84-A36D-EA9BD8D9C990@gmail.com>
Date: Fri, 22 Jan 2021 07:16:20 +0200
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PvqY71X0BqxoP6_VDJLFIUqOnEg>
Subject: [TLS] Flags extension and announcing support

Hi.

See this PR: https://github.com/tlswg/tls-flags/pull/5

The PR is for clarifying what TLS messages may carry the flags extension.  So any message that can carry an extension can carry a flags extension (if there are flags defined for that message). These are:
ClientHello
ServerHello
EncryptedExtensions
Certificate
CertificateRequest
HelloRetryRequest
NewSessionTicket

All except the first are Server-side.

The controversy is about unsolicited flags. An unsolicited flag is a flag that is set in a Flags extension in a server-side message without having been first declared in the ClientHello extension.

There is no controversy about flags in ServerHello and EncryptedExtensions. Those cannot have unsolicited flags, because both messages are responses to the ClientHello. 

The question is about the other messages, especially the NST and CR.

What do others think?

Yoav
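As an added illustration of the distinction the message draws (not code from Yoav's mail, the PR, or the tls-flags draft), the following Python models a flags extension as a set of flag numbers and applies the "unsolicited flag" rule per message. The bit layout (flag N is bit N % 8 of octet N // 8, least-significant bit first) and the rejection of trailing zero octets are assumptions chosen for this example; the message lists (which TLS 1.3 messages carry extensions, and which are direct responses to the ClientHello) come from the mail above. The `allow_unsolicited_elsewhere` switch is a hypothetical knob standing in for the open question about NewSessionTicket and CertificateRequest.

```python
# Added example: a toy model of the TLS flags extension and the
# "unsolicited flag" check discussed above. Not code from the draft or
# the tls-flags repository. The bit layout (flag N is bit N % 8 of
# octet N // 8, least-significant bit first) is an assumption.

from typing import Iterable, Set

# Messages that may carry extensions in TLS 1.3, as listed in the mail.
CLIENT_MESSAGES = {"ClientHello"}
SERVER_MESSAGES = {
    "ServerHello", "EncryptedExtensions", "Certificate",
    "CertificateRequest", "HelloRetryRequest", "NewSessionTicket",
}
# Direct responses to the ClientHello: any flag here must be solicited.
RESPONSE_MESSAGES = {"ServerHello", "EncryptedExtensions"}


def encode_flags(flags: Iterable[int]) -> bytes:
    """Encode a set of flag numbers as the extension's octet string (assumed layout)."""
    flags = set(flags)
    if not flags:
        return b""
    if any(f < 0 for f in flags):
        raise ValueError("flag numbers are non-negative")
    buf = bytearray(max(flags) // 8 + 1)
    for f in flags:
        buf[f // 8] |= 1 << (f % 8)
    return bytes(buf)


def decode_flags(data: bytes) -> Set[int]:
    """Decode the octet string back into flag numbers.

    Trailing zero octets are rejected so every set of flags has exactly
    one encoding (a strictness choice made for this example, not a rule
    taken from the draft).
    """
    if data and data[-1] == 0:
        raise ValueError("non-minimal flags encoding (trailing zero octet)")
    return {i * 8 + b for i, octet in enumerate(data)
            for b in range(8) if (octet >> b) & 1}


def check_server_flags(message: str, client_flags: Set[int],
                       server_flags: Set[int],
                       allow_unsolicited_elsewhere: bool) -> Set[int]:
    """Return the unsolicited flags a server-side message carries.

    Raises ValueError when the message is a direct response to the
    ClientHello (ServerHello, EncryptedExtensions) and carries a flag the
    client did not declare, or when the hypothetical policy switch forbids
    unsolicited flags in the other server-side messages as well.
    """
    if message not in SERVER_MESSAGES:
        raise ValueError(f"{message} is not a server-side message that carries extensions")
    unsolicited = server_flags - client_flags
    if unsolicited and (message in RESPONSE_MESSAGES or not allow_unsolicited_elsewhere):
        raise ValueError(f"unsolicited flags {sorted(unsolicited)} in {message}")
    return unsolicited


if __name__ == "__main__":
    # Constructed sample: the client declared flags 1 and 7; the server
    # echoes 7 in EncryptedExtensions and adds flag 9 in a NewSessionTicket.
    client = decode_flags(encode_flags({1, 7}))
    print(check_server_flags("EncryptedExtensions", client, {7}, True))   # set()
    print(check_server_flags("NewSessionTicket", client, {7, 9}, True))   # {9}
```

The check makes the controversy concrete: for ServerHello and EncryptedExtensions the rule is fixed regardless of the switch, while for the remaining server-side messages the switch decides, which is exactly the point the message leaves open.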