IETF Logo Mail Archive

Re: [TLS] Impact of draft-ietf-mptcp-api on TLS

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 28 November 2012 23:26 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E04921F841C for <tls@ietfa.amsl.com>; Wed, 28 Nov 2012 15:26:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Level:
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NORMAL_HTTP_TO_IP=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L41HA4NKhGgl for <tls@ietfa.amsl.com>; Wed, 28 Nov 2012 15:26:31 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 33F5C21F8319 for <tls@ietf.org>; Wed, 28 Nov 2012 15:26:31 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 34226BE65; Wed, 28 Nov 2012 23:26:08 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2c3hniWmjCw; Wed, 28 Nov 2012 23:26:07 +0000 (GMT)
Received: from [10.87.48.10] (unknown [86.44.77.127]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 12187BE4D; Wed, 28 Nov 2012 23:26:07 +0000 (GMT)
Message-ID: <50B69D8E.2050309@cs.tcd.ie>
Date: Wed, 28 Nov 2012 23:26:06 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Geoffrey Keating <geoffk@geoffk.org>
References: <20121128153650.7A2971A3BD@ld9781.wdf.sap.corp> <50B6333C.50606@cs.tcd.ie> <m2624ptshs.fsf@localhost.localdomain>
In-Reply-To: <m2624ptshs.fsf@localhost.localdomain>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Florian Weimer <fweimer@redhat.com>, tls@ietf.org
Subject: Re: [TLS] Impact of draft-ietf-mptcp-api on TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2012 23:26:33 -0000

Hi Geoffrey,

On 11/28/2012 07:52 PM, Geoffrey Keating wrote:
> Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:
> 
>> Hi Martin,
>>
>> We're trying to figure out if the mptcp API document needs
>> to say anything about tls, and if so, what. And I'd like
>> to do that so mptcp doesn't have to fall back to just tcp
>> for all cases where you need tls, if that's ok, so that
>> mptcp has a chance to get used. (I figure its hard enough
>> being a new transport these days, but being a new transport
>> that is useless under TLS seems like a bit of a killer.)
> 
>> On 11/28/2012 03:36 PM, Martin Rex wrote:
>>> The IP-address
>>> that the socket shows after connection establishment is
>>> completely irrelevant to the security of TLS, even when
>>> Server-Certificates with IP-Addresses in the SubjectAltName
>>> are used for server endpoint identification according to
>>> rfc2818 section 3.1.
>>
>> Well, 2818 is just http/tls/tcp and the context here is
>> anything/tls/mptcp so I'm not sure that solves the problem
>> of what to say.
>>
>> I think its true that there's no security issue, but there
>> might be an interop issue, if different folks implement
>> tls/mptcp differently. If the tls code just uses the normal
>> socket api then there's nothing to say, but it won't get
>> the benefit of mptcp. If the tls code uses the basic api
>> then it can see which subflows are being used and different
>> folks might do different comparisons to the certs used.
> 
> Maybe a related example will help: suppose the user is trying to
> connect to https://198.51.100.3.  There is an HTTP proxy configured,
> so what the browser actually does is make a TCP connection to
> 192.0.2.99, send 'CONNECT https://198.51.100.3', and then start the
> SSL negotiation.  The certificate still has to mention 198.51.100.3,
> and doesn't have to mention 192.0.2.99.
> 
> So, in MPTCP, if the user asks for mphttps://198.51.100.3 (or
> whatever), then 198.51.100.3 is the address that has to appear in the
> certificate, even if the connection is redirected to some other
> endpoint, even if the redirection happens before any data is actually
> sent on the connection.

Right. And I think that ignoring excludedSubtrees that's all
fine and the right thing is to say that the TLS implementation
ought only compare the address of with which it chose to connect
for a client or the 1st subflow for a server against certs, if
it needs to bother with that.

I'm not sure what to say about excludedSubtrees though. Maybe,
given that nobody uses 'em or wants to use 'em for TLS (correct?)
we can just say its a potential problem and that you need to
use an advanced API if you care about that. (You couldn't be
sure not to have missed some IP address with the basic API I
think.)

I think that might be ok and will provide that feedback to
the mptcp folks unless someone else has more to say.

Cheers,
S.

v2.23.0 | Report a Bug | By Email