Re: [TLS] TLS padding breaks ironport
Martin Thomson <martin.thomson@gmail.com> Thu, 17 April 2014 21:16 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77B131A0119 for <tls@ietfa.amsl.com>; Thu, 17 Apr 2014 14:16:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pY-4YzXS84Ev for <tls@ietfa.amsl.com>; Thu, 17 Apr 2014 14:15:51 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) by ietfa.amsl.com (Postfix) with ESMTP id 08DEF1A0054 for <tls@ietf.org>; Thu, 17 Apr 2014 14:15:50 -0700 (PDT)
Received: by mail-wi0-f181.google.com with SMTP id hm4so50929wib.2 for <tls@ietf.org>; Thu, 17 Apr 2014 14:15:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=GYOL6KH16PPJwybZEiVZq9AmcTmy6ITSh2B/pldwlTw=; b=N9QlVLv2nkYxWsJiIPp2ZdIXUIFygnWzeh7a7Ha/khkjpOSG3d8Ug+Dexh4tIlgZfN dMbJIv/b2dyB3478Noz2CV1lxXvp9xe2Ldoo5V6+MagWUZeSB9AwiKeP8lLPqYGaP0YK sGvpv5zeoRC/m1y6cDp3OIwYMDarAbA+ILjlxpOJDoXT/nS6F2wwhsGpLyJaqYOC1qSn TDYNeS/e4ce8lyZa/gI8xGwzT7Pw1r0gMmp0vx+ASvEjsHcCl56fyTmweLGFVTDwg9tg xdniqjAq3B/GbMkPPOUemGGlSHDQMZXzstdPNK6WMNlyIMhfuchUwXFW5PVV4zn8fdNU PLyQ==
MIME-Version: 1.0
X-Received: by 10.194.192.132 with SMTP id hg4mr13712585wjc.28.1397769346955; Thu, 17 Apr 2014 14:15:46 -0700 (PDT)
Received: by 10.227.144.132 with HTTP; Thu, 17 Apr 2014 14:15:46 -0700 (PDT)
In-Reply-To: <CAFewVt5QpM-Bg=3jab=5X2YJNYrehpjVx+hJfQFihLUwXsaaWg@mail.gmail.com>
References: <20140417203056.GA14753@roeckx.be> <CAFewVt5QpM-Bg=3jab=5X2YJNYrehpjVx+hJfQFihLUwXsaaWg@mail.gmail.com>
Date: Thu, 17 Apr 2014 14:15:46 -0700
Message-ID: <CABkgnnXF9TpHxQ73pMuNeW5MnzQo82N67sbq04-QBYJ-L062Jg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Brian Smith <brian@briansmith.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Qrj4xxOxOprKBE0JSKhiibzANWI
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] TLS padding breaks ironport
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2014 21:16:01 -0000
On 17 April 2014 13:47, Brian Smith <brian@briansmith.org> wrote: > (3) Don't use the padding extension at all, and instead include a fake > session ticket in the session ticket extension, when the ClientHello size is > in the danger zone and there's no session ticket to send. The assumption > here, which is almost certainly invalid, is that server implementations all > silently discard malformed session tickets sent by the client. Yes, that seems unlikely to work in the extreme, based on the description of the SSL2/TLS length bug we have. The only trigger there is the length of the ClientHello. I think that it might be OK to turn off padding if there is a session ticket. This might be conditional, as you describe, but I'm guessing that the only cases where we enter the 256-511 range is as a result of the session ticket, so there is probably no difference between (1) and (2) in practice.
- [TLS] TLS padding breaks ironport Kurt Roeckx
- Re: [TLS] TLS padding breaks ironport Adam Langley
- Re: [TLS] TLS padding breaks ironport Brian Smith
- Re: [TLS] TLS padding breaks ironport Martin Thomson
- Re: [TLS] TLS padding breaks ironport Kurt Roeckx