Re: [TLS] Comments on TLS extension mechanism

"Kyle Hamilton" <> Sat, 24 June 2006 21:42 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1FuFtC-0005h1-SE; Sat, 24 Jun 2006 17:42:02 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1FuFtC-0005gw-5l for; Sat, 24 Jun 2006 17:42:02 -0400
Received: from ([]) by with esmtp (Exim 4.43) id 1FuFtA-00085r-QE for; Sat, 24 Jun 2006 17:42:02 -0400
Received: by with SMTP id d4so705419nfe for <>; Sat, 24 Jun 2006 14:42:00 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=pvA+BhvbBFrXtoPMierPoOQIL/tKrOKcOsCMsaz1BLaNr60t41aNLL0Vurr3UCxhAmJTi/jMvQ/bcW36GHPFgyR29bRJDAEBTQAW9Yx6gS5SH2EKl8xecptsCpsL+jnlldFAR20frVZ8hDRDo4DMNBeXAABjErOCF15c7IFnggA=
Received: by with SMTP id f10mr3639434nfl; Sat, 24 Jun 2006 14:42:00 -0700 (PDT)
Received: by with HTTP; Sat, 24 Jun 2006 14:41:59 -0700 (PDT)
Message-ID: <>
Date: Sat, 24 Jun 2006 14:41:59 -0700
From: "Kyle Hamilton" <>
Subject: Re: [TLS] Comments on TLS extension mechanism
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <> <>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 25620135586de10c627e3628c432b04a
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

Because, as I understand it, within every protocol (including IP)
there has been a specific item dedicated to research.  There is
certainly no current shortage of IDs... but there's also nothing in
place to provide a mechanism when resource exhaustion occurs.  There's
also nothing in place to keep experimental IDs from trampling on each
other.  (In this particular case, I'd like to inform the other end of
what security policy this computer must implement, and determine if
there is a compatible mapping before continuing the connection.  This
determination is not something that any current protocol does, and I
want to research the security issues with such an action as this
before I make any kind of proposal about it.)

If you're worried about "increasing the complexity of the current
parser", put a length integer just after the extension ID so the
parser knows how much to skip if it doesn't understand the extension.
Which is, as I understand it, approximately how the extensions are
supposed to work anyway.


-Kyle Hamilton

On 6/24/06, David Hopwood <> wrote:
> Kyle Hamilton wrote:
> > I would like to request that a specific TLS extension number, say
> > 65534, be used as a means of negotiating arbitrary TLS extensions for
> > specific application and research purposes, with the express
> > understanding that this mechanism SHOULD NOT be used unless no other
> > option presents itself, AND the implementor is aware of any potential
> > security issues that may be introduced.  The format I propose would be
> > akin to:
> >
> > struct {
> >   int extension_ID,
> >   OID arbitrary_extension,
> >   int extension_data_length(65535)
> >   opaque(arbitrary_extension_data)
> > } TlsArbitraryExtensionType;
> >
> > Since section 5 of RFC4366 (and predecessors) states that new
> > extensions shall ONLY be approved through RFCs approved by the IESG,
> > this is the only logical place to propose such that I can find.
> Why would we want to approve an extension that essentially bypasses
> the current approval policy, which was agreed by concensus of the
> TLS WG, and that also increases the parsing complexity of such extensions
> for no good reason?
> There is no extension ID scarcity problem. The policy for approval of
> new extensions is exactly as intended, and the lack of an experimental
> ID range is quite deliberate:
>    The list of extension types, as defined in Section 2.3, is maintained
>    by the Internet Assigned Numbers Authority (IANA).  Thus, an
>    application needs to be made to the IANA in order to obtain a new
>    extension type value.  Since there are subtle (and not-so-subtle)
>    interactions that may occur in this protocol between new features and
>    existing features that may result in a significant reduction in
>    overall security, new values SHALL be defined only through the IETF
>    Consensus process specified in [IANA].
>    (This means that new assignments can be made only via RFCs approved
>    by the IESG.)
> --
> David Hopwood <>
> _______________________________________________
> TLS mailing list

TLS mailing list